| Author |
Message
|
| crusader |
 Posted: Wed Jan 13, 2016 6:21 pm Post subject: Unsupported ciphersuite SSL_RSA_WITH_AES_256_CBC_SHA |
 |
|
Novice
Joined: 28 Dec 2015
Posts: 16
|
I'm trying to establish TLS connection from mq client to mq server.
my mq server version is 7.0, i use TLS_RSA_WITH_AES_128_CBC_SHA as cipher spec for my channel on mq server side.
my mq client jar version is 7.5.0.5. I use SSL_RSA_WITH_AES_128_CBC_SHA cipher suite for my jms.
I got this "Unsupported ciphersuite SSL_RSA_WITH_AES_256_CBC_SHA" error.
any pointer would be appreciated  |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Jan 13, 2016 9:47 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
What value did you set SSL FIPS_REQUIRED to ? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| crusader |
| Posted: Wed Jan 13, 2016 9:52 pm Post subject: |
|
|
Novice
Joined: 28 Dec 2015
Posts: 16
|
| I set "No" for "SSL_FIPS Required" to |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Jan 13, 2016 11:38 pm Post subject: Re: Unsupported ciphersuite SSL_RSA_WITH_AES_256_CBC_SHA |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| crusader wrote: |
my mq server version is 7.0, |
Your MQ server version is out of support. Ever thought about upgrading?
SSL is also considered insecure. You should be using TLS
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jan 14, 2016 5:28 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| crusader wrote: |
| I set "No" for "SSL_FIPS Required" to |
Did you look at the matching table for cipherspec and ciphersuite which also shows the required value for SSL FIPS?
I believe in your case this would have shown true. So your cipher information did not match... working as designed...
On the other hand unsupported ciphersuite could also mean that your keysize is too small (min 2K required these days for FIPS), or your key has been built with the wrong algorithm... (like trying a conventional triple des with an elliptic curve key... )
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
