| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Channel timing out with SSL |
« View previous topic :: View next topic » |
| Author |
Message
|
| BBM |
 Posted: Mon Sep 05, 2011 6:19 am Post subject: Channel timing out with SSL |
 |
|
Master
Joined: 10 Nov 2005
Posts: 217
Location: London, UK
|
Hi,
We have an issue with a client where their channel to us times out when starting up when SSL is enabled but works fine if we remove SSL.
Our channel to them works perfectly with SSL enabled or disabled.
SSL appears to be configured correctly on both sides.
We get the following error message on the receiver side:
Process(27952.1) User(mqm) Program(runmqchl_nd)
Host(mqhmts1)
AMQ9209: Connection to host 'X.X.X.X(1414)' closed.
EXPLANATION:
An error occurred receiving data from 'X.X.X.X(1414)' over TCP/IP. The
connection to the remote host has unexpectedly terminated.
ACTION:
Tell the systems administrator.
----- amqccita.c : 3471 -------------------------------------------------------
09/03/11 06:52:18 - Process(27952.1) User(mqm) Program(runmqchl_nd)
Host(mqhmts1)
AMQ9999: Channel program ended abnormally.
EXPLANATION:
Channel program 'SOURCE.TO DESTINATION' ended abnormally.
ACTION:
Look at previous error messages for channel program 'SOURCE.TO DESTINATION' in the
error files to determine the cause of the failure.
----- amqrccca.c : 921
Interestingly, we noticed that an MQ ping from us to the client fails with an AMQ4032 but we can start the channel!
I'm wondering if there is a way to increase the time out on their side, I'm guessing that the SSL handshake is taking too long.
Thanks
BBM |
|
| Back to top |
|
 |
| exerk |
| Posted: Mon Sep 05, 2011 6:42 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Do their firewalls people see anything in their logs?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Sep 05, 2011 9:28 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| exerk wrote: |
| Do their firewalls people see anything in their logs? |
I doubt they would if the channel works fine without SSL.
It may be a case of missmatched SSL components like one qmgr saying FIPS only and the other one having that parm set to false? Or trying to use a cipher that is not supported by the key/certificate?
As well be aware that you may have to test the order of the SSLPEER entries if you have multiple for the same identifier (ou=xy,ou=nm...).
I believe whether the order here is straight or reverse to the order on the cert depends on whether the source and target system have the same endianness.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
