IBM Support

PH24582: CSQX635E INVALID CIPHER SPECIFICATION 009D FOR CHANNEL IF WCIPSOFF DEFINED

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CSQX635E occurs when an SSL/TLS channel using x'009D' for
CipherSpec TLS_RSA_WITH_AES_256_GCM_SHA384 and the CHIN has the
DD card WCIPSOFF defined.

Local fix

  • Undefine the WCIPSOFF DD card.

Problem summary

  • ****************************************************************
* USERS AFFECTED: All users of IBM MQ for z/OS Version 9       *
*                 Release 1 Modification 0                     *
****************************************************************
* PROBLEM DESCRIPTION: When the WCIPSOFF DD card is set, it    *
*                      was not possible to use ciphers         *
*                      directly by specifying their HEX        *
*                      value, unless the cipher is explicitly  *
*                      supported by and considered strong by   *
*                      MQ.                                     *
****************************************************************
When the WCIPSOFF DD card is set, it was not possible to use
ciphers directly by specifying their HEX value, since WCIPSOFF
forced only "Strong" ciphers (explicitly supported by MQ) to be
loaded. This prevents new ciphers released by SystemSSL from
being used, until MQ explicitly supports them.

Problem conclusion

  • The effect of setting WCIPSOFF has been changed, so you can now
use new CipherSpecs that are not explicitly supported by MQ.
(Instead of only allowing ciphers explicitly supported by MQ,
we allow any cipher that is not explicitly considered weak/
broken by MQ).

MQ has been updated to include all current weak/broken ciphers,
preventing the problem raised in PI97243 from resurfacing
(as all weak/broken ciphers are now excluded when using
WCIPSOFF).

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH24582
    • 

  • Reported component name
    IBM MQ Z/OS V9
    • 

  • Reported component ID
    5655MQ900
    • 

  • Reported release
    100
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-04-20
    • 

  • Closed date
    2020-08-14
    • 

  • Last modified date
    2020-11-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI71075
    

    • 



Modules/Macros


    

  • CSQXGINI

    



Fix information


    

  • Fixed component name
    IBM MQ Z/OS V9
    • 

  • Fixed component ID
    5655MQ900
    • 



Applicable component levels


    

  • R100  PSY  UI71075
       UP20/11/02  P  F010
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 November 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback