A fix is available
APAR status
Closed as program error.
Error description
A new parameter is required to allow TLS v1.0 to be optionally disabled on the queue manager
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM MQ for z/OS Version 9 * * Release 0 Modification 0 * **************************************************************** * PROBLEM DESCRIPTION: The ability to disable TLS v1.0 needs * * to be available. * **************************************************************** The ability to disable TLS v1.0 needs to be available as it may not comply with current security requirements.
Problem conclusion
The ability to disable TLS v1.0 has been added through the use of the DD card 'TLS10OFF'. Additionally the DD card 'TLS10ON' has been added to explicitly enable TLS v1.0. TLS v1.0 remains on by default. The MQ documentation is updated to detail messages produced by this APAR. ========== DOC Change for V900 Knowledge Center =============== The page "com.ibm.mq.ref.doc/csq_x.htm" in the Knowledge Center for V900 will be updated: Home > IBM MQ 9.0.x > IBM MQ > Reference > Messages > IBM MQ for z/OS messages, completion, and reason codes > Messages for IBM MQ for z/OS > Distributed queuing messages (CSQX...) The following is added to document the new messages that are produced: CSQX694I csect-name Cipher specifications based on the TLS v1.0 protocol are disabled. Severity 4 Explanation Cipher specifications based on the TLS v1.0 protocol are not enabled, and channels configured to use those cipher specifications fail when started. System action Processing continues. System programmer response If you do not need to use cipher specifications based on the TLS v1.0 protocol, then you can disable them by adding a dummy Data Definition (DD) statement named 'TLS10OFF' to the channel initiator JCL. For example: //TLS10OFF DD DUMMY There are alternative mechanisms that can be used to forcibly disable cipher specifications based on the TLS v1.0 protocol,if the Data Definition change is unsuitable. Contact IBM Service for further information. CSQX695I csect-name Cipher specifications based on the TLS v1.0 protocol are enabled. Severity 4 Explanation Cipher specifications based on the TLS v1.0 protocol are enabled, and channels can be configured to use those cipher specifications. System action Processing continues. System programmer response If you need to use cipher specifications based on the TLS v1.0 protocol, then no action is required. If you do not need to use cipher specifications based on the TLS v1.0 protocol, see message CSQX694I for information on how to disable TLS v1.0.
Temporary fix
Comments
APAR Information
APAR number
PI95953
Reported component name
IBM MQ Z/OS V9
Reported component ID
5655MQ900
Reported release
000
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-03-29
Closed date
2019-10-25
Last modified date
2022-03-01
APAR is sysrouted FROM one or more of the following:
PI95952
APAR is sysrouted TO one or more of the following:
UI56029 UI56030 UI56032 UI56034 UI56035 UI56036
Modules/Macros
CSQFXTXC CSQFXTXE CSQFXTXF CSQFXTXK CSQFXTXU CSQXCCIS CSQXGINI CSQXJST CSQXRCML CSQXSSLI
Fix information
Fixed component name
IBM MQ Z/OS V9
Fixed component ID
5655MQ900
Applicable component levels
R001 PSY UI78878
UP22/02/18 P F202
R002 PSY UI78879
UP22/02/18 P F202
R003 PSY UI78880
UP22/02/18 P F202
R004 PSY UI78881
UP22/02/18 P F202
R005 PSY UI78882
UP22/02/18 P F202
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0"}]
Document Information
Modified date:
02 March 2022