ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ SupportSSL Channel starting with blank SSLCIPH on one end

Post new topicReply to topic
SSL Channel starting with blank SSLCIPH on one end View previous topic :: View next topic
Author Message
dextermbmq
PostPosted: Sun May 21, 2017 7:19 pm Post subject: SSL Channel starting with blank SSLCIPH on one end Reply with quote

Apprentice

Joined: 26 Jul 2014
Posts: 46

Hello All,

I faced an issue where I witnessed the SSL Channels started with SSLCIPH blank on one end of the MQ setup.

I was migrating existing MQ Clustered non SSL Setup to a SSL Setup.

I had changed the CLUSRCVR Channel definition to include the SSLCIPH attribute TLS_RSA_WITH_AES_256_CBC_SHA and SSLCIPH as REQUIRED(to allow Mutual Auth)

Now the CLUSSDR end of the channel is starting just fine and comes to running start with SSLPEER value populated with the cert details even when I did not provide the SSLCIPH values at the CLUSSDR channel end.

I am wondering how is it working provided that the SSLCIPH value must be same on both ends of the channels

Any idea?

Thanks
Back to top
View user's profile Send private message
hughson
PostPosted: Tue May 30, 2017 5:59 pm Post subject: Reply with quote

Shaman

Joined: 09 May 2013
Posts: 726
Location: Bay of Plenty, New Zealand

A manual CLUSSDR channel definition is only used as a bootstrap to get the cluster going. After things are up and running, the manual CLUSSDR channel is merged in the Repository details with the template CLUSRCVR channel definition from the queue manager at the other end. This will mean that the CLUSSDRB (Cluster-sender both auto+manual) will have the SSL fields from the CLUSRCVR, hence how it worked.

To see the actual channel definition that will be used, don't use DISPLAY CHANNEL on the CLUSSDR, but instead use DISPLAY CLUSQMGR.

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ SupportSSL Channel starting with blank SSLCIPH on one end
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.