APAR status
Closed as program error.
Error description
For CipherSpecs that are subject to a data transfer limit, if that limit is reached the connection is terminated with message AMQ9288 along with an FDC.

AMQ9288E: Secure data transfer limit for channel 'aaaa.bbb' exceeded.
EXPLANATION: CipherSpec 'TLS_AES_256_GCM_SHA384' has reached a data transfer limit of 0 (the transfer limit is expressed in terms of TLS records for GCM ciphers, or MB for all other ciphers). Session keys using this CipherSpec must be used only to encrypt a limited quantity of data to reduce the risk of key compromise.

For some CipherSpecs, the data transfer limit is incorrectly stated as "0", and a failure data capture (FDC) record with probe ID CO286005 is incorrectly generated.
Local fix
Problem summary
USERS AFFECTED: Customers using TLS_AES_256_GCM_SHA384 or TLS_AES_128_GCM_SHA256, who are not using key renegotiation and reach the data transfer limit.

Platforms affected: MultiPlatform

PROBLEM DESCRIPTION: A logic error within MQ's internal TLS routines meant that TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256 were not correctly identified as being subject to a data transfer limit. As such, if a data transfer limit was reached when using one of these CipherSpecs, it was incorrectly treated as an unexpected return code.
Problem conclusion
The MQ client and queue manager logic has been updated to correctly expect a data transfer limit to be applied for the TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256 CipherSpecs.

The fix is targeted for delivery in the following PTFs:

Version      Maintenance Level
v9.2 LTS     9.2.0.4
v9.x CD      9.2.4

The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes':
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available, information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates':
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
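An added example (not IBM's code and not part of the APAR): it picks AMQ9288 entries out of error-log text, flags those that match this APAR's signature (one of the two named CipherSpecs with the limit shown as 0), and checks an installed 9.2 level against the fix levels listed above. The sample log lines, the second channel and CipherSpec names, and all function names are constructed for illustration.

```python
import re

# CipherSpecs named in APAR IT36589; the fix levels are applied in has_fix().
AFFECTED_SPECS = {"TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"}
CHANNEL_RE = re.compile(
    r"AMQ9288E?: Secure data transfer limit for channel '([^']+)' exceeded")
SPEC_RE = re.compile(
    r"CipherSpec '([^']+)' has reached a data transfer limit of (\d+)")

def has_fix(vrmf):
    """True/False for 9.2 levels; None where the APAR states no fix level."""
    parts = [int(p) for p in vrmf.split(".")] + [0, 0, 0]
    v, r, m, f = parts[:4]
    if (v, r) != (9, 2):
        return None
    if m == 0:             # 9.2.0.x is the LTS stream: fixed in 9.2.0.4
        return f >= 4
    return m >= 4          # 9.2.x CD stream: fixed in 9.2.4

def triage(log_text, vrmf):
    """Classify every AMQ9288 entry found in log_text."""
    findings = []
    starts = list(CHANNEL_RE.finditer(log_text))
    for i, m in enumerate(starts):
        # Only look for the EXPLANATION text up to the next AMQ9288 entry.
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        spec = SPEC_RE.search(log_text, m.end(), end)
        if spec is None:
            continue       # truncated entry, nothing to classify
        name, limit = spec.group(1), int(spec.group(2))
        findings.append({
            "channel": m.group(1),
            "cipherspec": name,
            "limit": limit,
            # APAR signature: affected CipherSpec with the limit shown as 0
            "matches_it36589": name in AFFECTED_SPECS and limit == 0,
            "fix_installed": has_fix(vrmf),
        })
    return findings

# Constructed sample input, worded after the message in the error description.
SAMPLE_LOG = """\
AMQ9288E: Secure data transfer limit for channel 'aaaa.bbb' exceeded.
EXPLANATION: CipherSpec 'TLS_AES_256_GCM_SHA384' has reached a data transfer limit of 0
AMQ9288E: Secure data transfer limit for channel 'cccc.ddd' exceeded.
EXPLANATION: CipherSpec 'EXAMPLE_OTHER_SPEC' has reached a data transfer limit of 32
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, "9.2.0.3"):
        print(finding)
```

An entry with `matches_it36589` set means the accompanying FDC with probe ID CO286005 is the incorrectly generated record this APAR describes.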
Temporary fix
Comments
APAR Information
APAR number
IT36589
Reported component name
MQ BASE V9.2
Reported component ID
5724H7281
Reported release
920
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-04-15
Closed date
2021-09-10
Last modified date
2021-09-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MQ BASE V9.2
Fixed component ID
5724H7281
Applicable component levels
Document Information
Modified date:
11 September 2021