Six Stars

SSL connectivity to MQ Server from client

I have a Talend job that publishes messages to MQ on a remote Websphere MQ server. I used tMomOutput in the job. The job works fine. However, it doesn't work once the SSL security is enabled on the remote MQ server.  The cipher suite set on the MQ server is "SSL_RSA_WITH_DES_CBC_SHA".
I imported the signed certs of the remote MQ server in the client computer's trust-store and also set the cipher suite to "SSL_RSA_WITH_DES_CBC_SHA" (on the weblogic server where the Talend job is deployed). Also, I set the "CipherSpec" to "TRIPLE_DES_SHA_US" (that sets the cipher suite to "SSL_RSA_WITH_DES_CBC_SHA") in the tMomOutput component. The job fails with the following error:
"Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
        at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at com.ibm.mq.SSLHelper.configureSSLSocket(SSLHelper.java:768)
        at com.ibm.mq.SSLHelper.createSSLSocket(SSLHelper.java:154)"
I am not sure what's causing this error. Could someone please help me? Am I missing any additional settings in Talend?
Thanks for your help.
5 REPLIES
Moderator

Re: SSL connectivity to MQ Server from client

Hi,
Could you please try to use component TalendHelpCenter:tSetKeystore to submit authentication data of a truststore with keystore to validation for the SSL connection to see if it works?
Best regards
Sabrina
--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Six Stars

Re: SSL connectivity to MQ Server from client

Thanks, xdshi. 
I tried that, it doesn't work (deployed on weblogic). It throws this error:
 
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. ,3=xxxxxx.xxxxx.com/xxx.xxx.xx.62:1414 (xxxxx.xxxxx.com),4=SSLSocket.startHandshake,5=default]
        at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(Remote
------------------
Although I imported the certs into DemoTrust.jks and the tSetKeyStore points to this file, its still failing. However, this job works fine from Talend OpenStudio and also works when I run as a Standalone job (using the .sh file)
Thanks again.
One Star

Re: SSL connectivity to MQ Server from client

Hi!
Always concentrate your attention on "cause" block:
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
http://stackoverflow.com/questions/28236091/how-to-enable-ssl-3-in-java
Also check General Java setting: Control Panel ->Java
Good Luck.
Four Stars

Re: SSL connectivity to MQ Server from client

Hi 
Is this connection is successfully established, I am also getting same error

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
        at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1482)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1351)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at com.ibm.mq.SSLHelper.configureSSLSocket(SSLHelper.java:768)
        at com.ibm.mq.SSLHelper.createSSLSocket(SSLHelper.java:154)
        at com.ibm.mq.MQInternalCommunications.createSocketConnection(MQInternalCommunications.java:2288)
        at com.ibm.mq.MQv6InternalCommunications$1.run(MQv6InternalCommunications.java:166)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.ibm.mq.MQv6InternalCommunications.initialize(MQv6InternalCommunications.java:163)
        at com.ibm.mq.MQv6InternalCommunications.<init>(MQv6InternalCommunications.java:111)
        at com.ibm.mq.MQSESSIONClient.MQCONNX(MQSESSIONClient.java:1458)
        at com.ibm.mq.MQSESSIONClient.MQCONN(MQSESSIONClient.java:1369)
        at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:252)
I am using tSetKeyStore component as well configured 
Thanks
Anil Kumar Burri
Four Stars

Re: SSL connectivity to MQ Server from client

Hi 
Any Help !!