| Author |
Message
|
| Accell |
 Posted: Wed Jul 01, 2015 7:45 am Post subject: WMB Strong key support (4096 bits). |
 |
|
Novice
Joined: 07 Feb 2015
Posts: 24
|
Hi,
We are facing an issue in establishing a TLS connection to server which implements key size of 4096 bits. According to the below IBM link, the unrestricted policy files should resolve the issues with key sizes greater than 2048.
http://www-01.ibm.com/support/docview.wss?uid=swg21663373
Have replaced the but getting following exception in soaprequest.
Text:CHARACTER:java.lang.NoClassDefFoundError: javax.crypto.b (initialization failure)
Also tried change the order of security provider as below but still the issue continues.
security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
Any inputs will be much appreciated. |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Wed Jul 01, 2015 7:50 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
That link doesn't refer to IIB/Broker directly.
Where did you put the unlimited policy files?
Are you using JMS? Are you using something else? |
|
| Back to top |
|
|
| Accell |
| Posted: Wed Jul 01, 2015 8:26 am Post subject: |
|
|
Novice
Joined: 07 Feb 2015
Posts: 24
|
Hi,
I placed the policy file over here:
D:\InstalledSoftware\IBM\MQSI\8.0.0.2\jre16\lib
Also,i am using HTTP. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jul 01, 2015 8:28 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Accell wrote: |
| Also,i am using HTTP. |
HTTPRequest or HTTPInput?
Did you restart the EG and the broker?
You should hopefully also have a PMR open. |
|
| Back to top |
|
|
| Accell |
| Posted: Wed Jul 01, 2015 9:39 am Post subject: |
|
|
Novice
Joined: 07 Feb 2015
Posts: 24
|
Hi,
I am using SOAP request,the transport is HTTP.
Yes, we have restarted the broker and the EG but still. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jul 01, 2015 9:44 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You might try the unrestricted policy files from MQ.
Also making sure that the ones you got are valid for jre16...
 |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jul 01, 2015 10:23 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| Accell wrote: |
Hi,
I placed the policy file over here:
D:\InstalledSoftware\IBM\MQSI\8.0.0.2\jre16\lib
Also,i am using HTTP. |
Shouldn't it have been placed into
D:\InstalledSoftware\IBM\MQSI\8.0.0.2\jre16\lib\security ??
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
