Direct link to fix
APAR status
Closed as program error.
Error description
Update the JRE within IBM MQ 9.0 to JRE version: 8.0.4.1 with the addition of the JRE APARs: IV93420 + IV94326 and the following configuration property and value defined: com.ibm.security.EnforceStrictDER=false
Local fix
Problem summary
**************************************************************** USERS AFFECTED: The JRE which is embedded into IBM MQ is used to run the following Java components of the product: IBM MQ Managed File Transfer IBM MQ Explorer IBM MQ Extended Reach (MQXR) service IBM MQ Advanced Message Queuing Protocol (AMQP) Platforms affected: AIX, Linux on Power, Solaris x86-64, Windows, Solaris SPARC, Linux on zSeries, Linux on x86-64, Linux on x86, Linux on S390 **************************************************************** PROBLEM DESCRIPTION: This APAR updates the Java Runtime Environment (JRE) supplied with IBM MQ 9. See below for platforms updated and to which version.
Problem conclusion
This APAR updates the JRE updates for the following platforms for IBM MQ 9.0 to Java version 8.0.4.1 plus IV93420 and IV94326: AIX Linux (x86-64) Linux (PPC64LE) zLinux (s390x) Windows (64-bit) Java APAR IV94326 resolves an issue where an error message is reported when using certificates that contain DER encodings which are not encoded in the shortest form possible. http://www.ibm.com/support/docview.wss?uid=swg1IV94326 The APAR updates the JRE to recognise the system property: com.ibm.security.EnforceStrictDER which can be set to disable some of these strict DER encoding checks. The above APAR documents that the stricter checking is performed by default, and an exception is thrown unless this system property's value is set to false. The JRE shipped by this MQ APAR reverses the default behaviour for the stricter checking enforced by APAR IV94326, by configuring the property in the following way: com.ibm.security.EnforceStrictDER=false by default for applications using this JRE. The result of this JRE configuration update is that exceptions are not seen when using certificates which contain DER encodings that are not encoded in the shortest form possible. If stricter checking is desired in your environment, then the JRE system property: com.ibm.security.EnforceStrictDER must be set to the value 'true' in your environment, for example by using the JRE argument: -Dcom.ibm.security.EnforceStrictDER=true The following Technote describes how to set this property in your environment in more detail: http://www.ibm.com/support/docview.wss?uid=swg22000235 --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.0 CD 9.0.3 v9.0 LTS 9.0.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT19456
Reported component name
IBM MQ BASE M/P
Reported component ID
5724H7261
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-02-27
Closed date
2017-05-02
Last modified date
2017-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ BASE M/P
Fixed component ID
5724H7261
Applicable component levels
R900 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 June 2017