ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ SupportUse of RFHUTILC (IH03) with TLS 1.2 cipher on channel

Post new topicReply to topic
Use of RFHUTILC (IH03) with TLS 1.2 cipher on channel View previous topic :: View next topic
Author Message
zpat
PostPosted: Mon Aug 06, 2018 12:18 pm Post subject: Use of RFHUTILC (IH03) with TLS 1.2 cipher on channel Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5650
Location: UK

Question on support pac IH03 RFHUTILC version 7.5, when connecting via MQ client 7.1.0.7 to a remote QM (in this case z/OS MQ 7.1) over a SVRCONN channel.

Is it possible to use this TLS 1.2 cipher on the server connection channel with this program?

TLS_RSA_WITH_AES_256_CBC_SHA256 ?

This value doesnt appear in the cipher list when I press set conn id.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Aug 06, 2018 10:58 pm Post subject: Re: Use of RFHUTILC (IH03) with TLS 1.2 cipher on channel Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19728
Location: LI,NY

zpat wrote:
Question on support pac IH03 RFHUTILC version 7.5, when connecting via MQ client 7.1.0.7 to a remote QM (in this case z/OS MQ 7.1) over a SVRCONN channel.

Is it possible to use this TLS 1.2 cipher on the server connection channel with this program?

TLS_RSA_WITH_AES_256_CBC_SHA256 ?

This value doesnt appear in the cipher list when I press set conn id.

A lot has changed in SSL since version 7.5... get the latest version of RFHUtilc and try again...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
zpat
PostPosted: Mon Aug 06, 2018 11:45 pm Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5650
Location: UK

What is the latest IH03 and where is it found now?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
exerk
PostPosted: Tue Aug 07, 2018 1:02 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 5898

zpat wrote:
What is the latest IH03 and where is it found now?

It shows as WITHDRAWN with only a link to the pdf guide, for me at least. What about using a CCDT?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
markt
PostPosted: Tue Aug 07, 2018 3:46 am Post subject: Reply with quote

Chevalier

Joined: 14 May 2002
Posts: 403

1. Older programs often provided two versions - one linked with libmqic, one with libmqm. The libmqm-bound programs can these days usually be forced to use client connectivity by setting MQ_CONNECT_TYPE=CLIENT in the environment.

2. rfhutilc does a bunch of CCDT or other client definition parsing that is not done by the libmqm rfhutil. Using rfhutilc's GUI connection panels you can't set cipherspecs that it doesn't know about. But using environment variables you may be able to use rfhutil instead of rfhutilc and trick it into using the CCDT directly.

3. There's apparently a bug at the moment in the process that takes supportpac pages from the authoring system out to the public site ... it's losing the anchor text for the download, though you can still see the link if you look at the page's source (ctrl-U in firefox). That is being investigated by the owners of that tool.

4. V7.5.0 is the last version of rfhutil that got released through the SupportPac process. Although there have been newer levels knocking around, they were never submitted for formal release.

5. Because we have no way to update the SupportPac further (the author was not in MQ development), it's been put on the withdrawn list. No plans to block it from download entirely for the moment, but it makes it clearer that it does what it does, and don't expect any more.
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Tue Aug 07, 2018 10:52 am Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3062
Location: London, ON Canada

Hi zpat,

Why don't you have a look at MQ Visual Edit? It can handle TLS 1.2.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
zpat
PostPosted: Wed Aug 08, 2018 11:41 am Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5650
Location: UK

Thanks for info.

Presumably the source code for IH03 belongs to IBM and they could maintain it or open-source it if they chose.

It's a shame that support pacs have been allowed to wither - they have been some of the best aspects of using MQ.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
zpat
PostPosted: Thu Aug 09, 2018 8:08 am Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5650
Location: UK

Works fine with a CCDT and setting MQSSKEYR environment variable.

Only downside is that we have far, far too many QMs for easy CCDT creation....
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ SupportUse of RFHUTILC (IH03) with TLS 1.2 cipher on channel
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.