JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE')
I am getting the following exception while trying to make a connection with remote MQ from my Java client on my local machine:
com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE')
This is with Java version 1.7, the Oralce JRE, cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' and the following Maven dependencies:
<dependency>
<groupId>com.ibm.mq</groupId>
<artifactId>allclient</artifactId>
<version>9.0.0</version>
</dependency>
<dependency>
<groupId>com.sun.messaging.mq</groupId>
<artifactId>fscontext</artifactId>
<version>4.4.2</version>
</dependency>
Answer
There are three things that impact this:
If you want to use Oracle JRE you need to set
-Dcom.ibm.mq.cfg.useIBMCipherMappings=false, this will allow IBM MQ to use the Oracle Cipher Suite names likeTLS_RSA_WITH_AES_256_CBC_SHA256The signature algorithm SHA224withRSA is not supported by Oracle JRE 1.7 and is required to use the Oracle Cipher Suite
TLS_RSA_WITH_AES_256_CBC_SHA256. Based on this you would need to go to Oracle JRE 1.8.You will need to obtain and install the JCE Unlimited Strength Jurisdiction Policy Files to use a SHA256 Cipher Suite.
The information above is covered in more detail in my answer to another post "MQ Error on SSL enabled".