A fix is available
APAR status
Closed as program error.
Error description
CSQX635E occurs when an SSL/TLS channel using x'009D' for CipherSpec TLS_RSA_WITH_AES_256_GCM_SHA384 and the CHIN has the DD card WCIPSOFF defined.
Local fix
Undefine the WCIPSOFF DD card.
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM MQ for z/OS Version 9 * * Release 1 Modification 0 * **************************************************************** * PROBLEM DESCRIPTION: When the WCIPSOFF DD card is set, it * * was not possible to use ciphers * * directly by specifying their HEX * * value, unless the cipher is explicitly * * supported by and considered strong by * * MQ. * **************************************************************** When the WCIPSOFF DD card is set, it was not possible to use ciphers directly by specifying their HEX value, since WCIPSOFF forced only "Strong" ciphers (explicitly supported by MQ) to be loaded. This prevents new ciphers released by SystemSSL from being used, until MQ explicitly supports them.
Problem conclusion
The effect of setting WCIPSOFF has been changed, so you can now use new CipherSpecs that are not explicitly supported by MQ. (Instead of only allowing ciphers explicitly supported by MQ, we allow any cipher that is not explicitly considered weak/ broken by MQ). MQ has been updated to include all current weak/broken ciphers, preventing the problem raised in PI97243 from resurfacing (as all weak/broken ciphers are now excluded when using WCIPSOFF).
Temporary fix
Comments
APAR Information
APAR number
PH24582
Reported component name
IBM MQ Z/OS V9
Reported component ID
5655MQ900
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-04-20
Closed date
2020-08-14
Last modified date
2020-11-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI71075
Modules/Macros
CSQXGINI
Fix information
Fixed component name
IBM MQ Z/OS V9
Fixed component ID
5655MQ900
Applicable component levels
R100 PSY UI71075
UP20/11/02 P F010
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100"}]
Document Information
Modified date:
03 November 2020