APAR status
Closed as program error.
Error description
The JRE for WebSphere Application Server 8.5 was upgraded between versions: 7.1.4.35 to 7.1.4.75 Following the upgrade, when the application server was restarted and an application attempted to connect to the queue manager using the MQ classes for Java, specifying the following properties and values in the Hashtable used on the MQQueueManager constructor: MQConstants.SSL_FIPS_REQUIRED_PROPERTY = true MQConstants.PORT_PROPERTY = <QUEUE MANAGER PORT NUMBER> MQConstants.HOST_NAME_PROPERTY = <QUEUE MANAGER HOST NAME> MQConstants.CHANNEL_PROPERTY = <QUEUE MANAGER CHANNEL NAME> MQConstants.SSL_CIPHER_SUITE_PROPERTY = "SSL_RSA_WITH_3DES_EDE_CBC_SHA" MQConstants.TRANSPORT_PROPERTY = MQConstants.TRANSPORT_MQSERIES_CLIENT then the connection request failed to be established, with the following exception being reported back to the application: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2538;AMQ9204: Connection to host 'myhost.mydomain:1414' rejected. [1=java.lang.NumberFormatException[For input string: "20201001--155"],3=myhost.mydomain:1414,4=TCP,5=Socket.connect] at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLoc alAddress(RemoteTCPConnection.java:996) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect( RemoteTCPConnection.java:1267) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConne ction.java:739) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSes sionFromNewConnection(RemoteConnectionSpecification.java:358) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSes sion(RemoteConnectionSpecification.java:267) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(Remo teConnectionPool.java:162) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java: 1710) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java: 1348) at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:924) at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11. java:221) at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedCon nection(MQClientManagedConnectionFactoryJ11.java:553) at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConn ection(MQClientManagedConnectionFactoryJ11.java:593) at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnectio n.java:96) at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimple ConnectionManager.java:198) at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueu eManagerFactory.java:893) at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.j ava:780) at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueMa nagerFactory.java:729) at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManag erFactory.java:177) at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:753) ... ... ... Caused by: java.lang.NumberFormatException: For input string: "20201001--155" at java.lang.NumberFormatException.forInputString(NumberFormatExcep tion.java:77) at java.lang.Integer.parseInt(Integer.java:504) at java.lang.Integer.parseInt(Integer.java:539) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.chooseSocketFact ory(RemoteTCPConnection.java:2246) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1950) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLoc alAddress(RemoteTCPConnection.java:860) ... 23 more
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of the WebSphere MQ resource adapter v7.1 embedded within WebSphere Application Server 8.5, who have systems that meet the requirements shown below: (1) The FIPS enablement flag on the connection request needs to have been configured. For example: For the MQ classes for Java, using the com.ibm.mq.MQQueueManager constructor properties Hashtable containing the entry: MQConstants.SSL_FIPS_REQUIRED_PROPERTY = true For the MQ classes for JMS, using the MQConnectionFactory setter method: com.ibm.mq.jms.MQConnectionFactory.setSSLFipsRequired( true ) or setting the corresponding object property: SSLFIPSREQUIRED = YES (2) Not using a TLS v1.2 CipherSuite (the WebSphere MQ Resource Adapter v7.1 does not provide support for newer TLS protocols than 1.2) (3) Using an IBM JRE which is at the following versions or newer: Java 7.0.10.60 Java 7.1.4.60 Java 8.0.5.40 (4) A custom socket factory has not been provided to the MQ classes for Java/JMS, for example by using the method: 	com.ibm.mq.jms.MQConnectionFactory.setSSLSocketFactory(java .lang.Object sf) Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: If all of the conditions listed above are met, then an attempt to establish a connection to MQ from either the MQ classes for Java or JMS APIs would fail with exception containing the root cause: Caused by: java.lang.NumberFormatException: For input string: "20210407--269" at java.lang.NumberFormatException.forInputString(NumberFormatExcep tion.java:76) at java.lang.Integer.parseInt(Integer.java:592) at java.lang.Integer.parseInt(Integer.java:627) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.chooseSocketFact ory(RemoteTCPConnection.java:2246) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1950) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLoc alAddress(RemoteTCPConnection.java:860) ... 15 more Note that the input string reported will change depending on the version of the JRE being used. When the MQ classes for Java/JMS had been been configured to make a FIPS compliant connection using an older TLS protocol (TLS 1.1 and earlier), the WebSphere MQ Resource Adapter v7.1 was required to set a JVM System Property, which varied depending on the version of the IBM Java JSSE FIPS provider which was present in the current Java runtime. To do this, the WebSphere MQ Resource Adapter v7.1 was checking the implementation version number of the IBM JSSE FIPS provider, the format for which changed in the IBM JRE versions: Java 7.0.10.60 Java 7.1.4.60 Java 8.0.5.40 Consequently the parsing of the version information would fail, resulting in the connection attempt failing. This issue only affects the WebSphere MQ Resource Adapter v7.1.
Problem conclusion
The WebSphere MQ Resource Adapter v7.1 has been updated such that it will be able to process the newer JRE style version information contained within the IBM JSSE FIPS provider package. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT40433
Reported component name
MQ WINDOWS V7
Reported component ID
5724H7220
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-03-29
Closed date
2022-05-11
Last modified date
2022-05-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MQ WINDOWS V7
Fixed component ID
5724H7220
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFKSJ","label":"WebSphere MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1"}]
Document Information
Modified date:
12 May 2022