APAR status
Closed as program error.
Error description
The AMQ9788 message reports that a channel instance has failed due to a deprecated CipherSpec being configured. It is expected that this message will contain the configured CipherSpec name, however the message contains random characters in place of the CipherSpec name: AMQ9788: The channel 'CHANNEL.NAME' specified a weak or broken CipherSpec. EXPLANATION: The SSL or TLS channel 'CHANNEL.NAME' is configured to use a weak or broken CipherSpec 'ÿÿÿÿð?ó'. This error occurs when the channel has requested to use a CipherSpec that utilizes cryptographic algorithms or protocols that are now considered to be broken or weak. The channel did not start. ACTION: Ensure that the channel is configured to use a CipherSpec that uses a stronger set of cryptographic algorithms or a stronger protocol. Alternatively, configure the queue manager to re-enable the weaker CipherSpec 'ÿÿÿÿð?ó' using the AMQ_SSL_WEAK_CIPHER_ENABLE environment variable, or via the 'AllowWeakCipherSpec' attribute under the SSL stanza in the qm.ini file.
Local fix
Review the channel definition of the channel identified in the AMQ9788 message to determine the currently configured CipherSpec. This can be done using MQ Explorer, a PCF query or with the following runmqsc command against the queue manager: DISPLAY CHANNEL('CHANNEL.NAME') SSLCIPH
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of MQ 7.1.0.7 who are attempting to start a channel configured with a CipherSpec which is deprecated as per APAR IV73287, and have not re-enabled weak CipherSpecs Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: A coding error within the changes for APAR IV73287 meant that the message insert string which should have contained the CipherSpec name was not correctly initialized in the error path that reports the AMQ9788 error message. APAR IV73287 was included in MQ 7.1.0.7. Although IV73287 covers multiple MQ releases, no other releases exhibit this missing message insert.
Problem conclusion
The MQ queue manager logic has been updated to correctly initialize the message insert to be the configured CipherSpec name before printing the AMQ9788 message to the queue manager error log. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v7.1 7.1.0.8 v7.5 7.5.0.7 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT16571
Reported component name
WMQ WINDOWS V7
Reported component ID
5724H7220
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-08-11
Closed date
2016-09-22
Last modified date
2017-05-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ WINDOWS V7
Fixed component ID
5724H7220
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDEZSF","label":"IBM WebSphere MQ Managed File Transfer for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 March 2023