MQ SSL handshake fails RC=2393;AMQ9204
Connection to secured MQ through Connect-MQ fails.
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR').
... 30 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'your_host(1425)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=23
93;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_AES_256_CBC_SHA],3=your_host/127.0.0.1:your_port
... 29 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WI
Steps to ReproduceInvoke Connect-MQ to secure MQ channel from an activity.
A defect or configuration issue in the operating environment. After adding SSL DEBUG, "-Djavax.net.debug=true" argument to the JVM, it was observed that incorrect keyStore and trustStore were picked during SSL handshake.
18:31:16,538 INFO [stdout] () keyStore is :
18:31:16,539 INFO [stdout] () keyStore type is : jks
18:31:16,539 INFO [stdout] () keyStore provider is :
18:31:16,539 INFO [stdout] () init keystore
18:31:16,539 INFO [stdout] () init keymanager of type SunX509
18:31:16,540 INFO [stdout] () trustStore is: /usr/java/jdk-1.7.0_71-x86_64/jre/lib/security/cacerts
18:31:16,541 INFO [stdout] () trustStore type is : jks
18:31:16,541 INFO [stdout] () trustStore provider is :
On Inspecting the argument added to the JVM it was observed that there was white space and carriage return causing this issue, where right keystore and truststore file were not picked during SSL handshake.
Make the following change to the operating environment:
Remove white spaces from the JVM argument for SSL to resolve the issue.