Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

MQ SSL handshake fails RC=2393;AMQ9204

SA-14136

Summary



Connection to secured MQ through Connect-MQ fails.


Error Messages



Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:223)
... 30 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'your_host(1425)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=23
93;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_AES_256_CBC_SHA],3=your_host/127.0.0.1:your_port
(
your_host),4=SSLSocket.createSocket,5=default]],3=your_host(your_port),5=RemoteTCPConnection.makeSocketSecure]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2011)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1228)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:363)
... 29 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WI
TH_AES_256_CBC_SHA],3=
your_host/127.0.0.1:your_port (your_host),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1754)


Steps to Reproduce

Invoke Connect-MQ to secure MQ channel from an activity.


Root Cause



A defect or configuration issue in the operating environment. After adding SSL DEBUG, "-Djavax.net.debug=true" argument to the JVM, it was observed that incorrect keyStore and trustStore were picked during SSL handshake.

18:31:16,538 INFO  [stdout] () keyStore is :
18:31:16,539 INFO  [stdout] () keyStore type is : jks
18:31:16,539 INFO  [stdout] () keyStore provider is :
18:31:16,539 INFO  [stdout] () init keystore
18:31:16,539 INFO  [stdout] () init keymanager of type SunX509
18:31:16,540 INFO  [stdout] () trustStore is: /usr/java/jdk-1.7.0_71-x86_64/jre/lib/security/cacerts
18:31:16,541 INFO  [stdout] () trustStore type is : jks
18:31:16,541 INFO  [stdout] () trustStore provider is :

On Inspecting the argument added to the JVM it was observed that there was white space and carriage return causing this issue, where right keystore and truststore file were not picked during SSL handshake.



Resolution



Make the following change to the operating environment:

​Remove white spaces from the JVM argument for SSL to resolve the issue.
Suggest Edit

Published September 23, 2015 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us