Fixes are available
APAR status
Closed as program error.
Error description
A WebSphere MQ File Transfer Edition (FTE) SFTP protocol bridge agent fails to establish an SSH connection to the SFTP server using cipher specs: aes128-ctr, aes192-ctr, or aes256-ctr. The SSH negotiation fails and FTE disconnects from the SFTP server. The following BFGBT0104E error is reported and indicates that the "algorithm negotiation fails": c.i.w.t.frame.impl.TransferFrameReceiverImpl -- d processChunk data [Recoverable I/O exception com.ibm.wmqfte.io.FTETransferIOException: BFGBR0104E: Bridge agent failed to connect to host XXX.XXX.XXX.XXX with credentials of serverUserId because Algorithm negotiation fail]
Local fix
Use one of the JSCH default ciphers, aes128-cbc or aes192-cbc, currently supported by WMQFTE.
Problem summary
**************************************************************** USERS AFFECTED: Users of WebSphere MQ File Transfer Edition/Managed File Transfer 7.0.4 and 7.5 that are using the Protocol Bridge Agent connecting to an SFTP Server. Platforms affected: MultiPlatform **************************************************************** PROBLEM SUMMARY: When connecting to an SFTP Server it is not possible to define the cipher to use and so uses the default ciphers of aes128-cbc, aes192-cbc and aes256-cbc. If these ciphers have been disabled on the SFTP Server then the FTE transfer will fail with the following: BFGBR0104E: Bridge agent failed to connect to host XXX.XXX.XXX.XXX with credentials of USERNAME because Algorithm negotiation fail
Problem conclusion
This APAR solves the problem by allowing a list of ciphers to use on the SFTP connection to be defined in the ProtocolBridgeProperties.xml file which is located within the config directory of the protocol bridge agent. The new 'cipherList' attribute should be added to the sftpServer element to define the list of comma separated ciphers to use in order of preference. For exmaple: <tns:sftpServer name="xxxx" host="xxxx" platform="UNIX" fileEncoding="UTF-8" limitedWrite="false" cipherList="aes128-ctr,aes192-ctr" /> --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Platform v7.0 -------- -------------------- Multiplatforms 7.0.4.3 Platform v7.5 -------- -------------------- Multiplatforms 7.5.0.2 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IC88987
Reported component name
WMQ FILE TRANSF
Reported component ID
5724R1000
Reported release
704
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-12-10
Closed date
2013-02-14
Last modified date
2013-02-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ FILE TRANSF
Fixed component ID
5724R1000
Applicable component levels
R704 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEP7X","label":"WebSphere MQ File Transfer Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.4","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
14 February 2013