在上面的链接中，关注的表位于" SunRsaSign Provider "，其中列出了以下受支持的签名算法:请注意，SHA224withRSA在列表中不是.同一dW Answers帖子继续显示:在上面的链接中，关注的表格在" SunRsaSign提供程序"列出了以下受支持的签名算法:请注意，SHA224withRSA 在列表中.来自dW帖子的建议:尝试使用Oracle Java 8(1.8)尝试使用IBM Java考虑到通过以上故障排除方法收集的所有信息，答案是，无法使用MQv7.1.0.7 MQ Java客户端将TLSv1.2密码与Oracle Java小于8的密码一起使用.根据我提供的最新dW Answers帖子，IBM建议尝试使用MQ v8，但我认为他们没有测试此配置，因此它可能也不起作用.如果您想尝试使用MQ v8，我建议您使用我已经提供链接的最新的v8.0.0.5 Java仅可再发行客户端客户机客户端软件包.We have enabled SSL onMQ version '7.1.0.7'OS->'Linux 2.6.32-642.11.1.el6.x86_64'two months back [aug-2016] and its working fine with SSL enabled and disabled modeJava Client usesjdk1.7.0_21Worked cipher/suite -> SSL_RSA_WITH_RC4_128_SHA <> RC4_SHA_USWhen I try to connect to a MQ v7.1.0.7 queue manager the application is throwing below error: com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'. at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:228) at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:553) at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:593) at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:95) at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:198) at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:882)In the queue manager error log AMQERR01.LOG I see this:AMQ9616: The CipherSpec proposed is not enabled on the server. EXPLANATION: The SSL or TLS subsystem at the server end of a channel been configured in such a way that it has rejected the CipherSpec proposed by an SSL or TLS client. This rejection occurred during the secure socket handshake (i.e. it happened before the proposed CipherSpec was compared with the CipherSpec in the server channel definition).We have a MQ v6.0.2.12 queue manager where this is working fine.Could some one provide help what went wrong for system , which was working before?Resolved by adding below lines in qm.ini fileSSL: AllowSSLV3=Y AllowWeakCipherSpec=YWorked below TLSv1TLS_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA TLSv1 TRUETLS_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLSv1 TRUEFailed with TLSv1.2TLS_RSA_WITH_RC4_128_SHA256 SSL_RSA_WITH_RC4_128_SHA TLSv1.2 FALSEI tried with these settings:SSLContext sslContext = SSLContext.getInstance("TLSv1");-Dcom.ibm.mq.cfg.preferTLS=true-Dcom.ibm.mq.cfg.useIBMCipherMappings=falseError is com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'In the AMQERR01.LOG There is a mismatch between the CipherSpecs on the local and remote endsof channel 'TEST.CH'. The channel will not run until this mismatch isresolved.The CipherSpec required in the local channel definition is'TLS_RSA_WITH_RC4_128_SHA256'. The name of the CipherSpec negotiated duringthe SSL handshake is 'RC4_SHA_US'. A code is displayed if the name of thenegotiated CipherSpec cannot be determinedSSLContext sslContext = SSLContext.getInstance("TLSv1.2");MQEnvironment.sslFipsRequired = true;MQEnvironment.sslCipherSuite ="SSL_RSA_WITH_AES_256_CBC_SHA256";ALTER CHANNEL(TEST.CH) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)REFRESH SECURITY TYPE(SSL)Client Execute/apps/java/jdk1.7.0_21/bin/java -Dcom.ibm.mq.cfg.preferTLS=true -Dcom.ibm.mq.cfg.useIBMCipherMappings=false -classpath .:/tmp/mqssl/com.ibm.mq.jmqi.jar:/tmp/mqssl/com.ibm.mq.jar:com.ibm.ws.webservices.thinclient_8.5.0.jar MQProducerSSLGetting error as MQJE001: Completion Code '2', Reason '2400'MQRC_UNSUPPORTED_CIPHER_SUITE (2400)Still same error , but in my client java prg have enabled System.setProperty("javax.net.debug", "all"); to see all activities while execute client. Its Printing TLS_RSA_WITH_AES_256_CBC_SHA256 as Ignoring unavailable cipher suite as below Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256Before call MQJE001: Completion Code '2', Reason '2400'.MQJE001: Completion Code '2', Reason '2400'.Tested with IBM-JDK-71 Same ExceptionSSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA<><>ECDHE_ECDSA_3DES_EDE_CBC_SHA256SSL_ECDHE_RSA_WITH_NULL_SHA<><>ECDHE_RSA_NULL_SHA256 com.ibm.mq.jar Specification-Version: 7.1.0.1Specification-Vendor: IBM CorporationImplementation-Title: WebSphere MQ classes for JavaImplementation-Version: 7.1.0.1 - k710-001-120424com.ibm.mq.jmqi.jar Specification-Version: 7.1.0.1Specification-Vendor: IBM CorporationImplementation-Title: WebSphere MQ Interface for JavaImplementation-Version: 7.1.0.1 - k710-001-120424Since MQ and Client Running in same machine ,got Specification-Version: 7.1.0.7 jarsTesting done with 2 scenarios by changing the classpathWithout -Dcom.ibm.mq.cfg.useIBMCipherMappings=falsejdk1.7.0_21/bin/java -Dcom.ibm.mq.cfg.preferTLS=true -classpath .:/opt/mqm/java/lib/com.ibm.mq.jmqi.jar:/opt/mqm/java/lib/com.ibm.mq.jar MQProducerSSLgot exception MQJE001: Completion Code '2', Reason '2400'With -Dcom.ibm.mq.cfg.useIBMCipherMappings=false/apps/hostlink/java/jdk1.7.0_21/jdk1.7.0_21/bin/java -Dcom.ibm.mq.cfg.preferTLS=true -Dcom.ibm.mq.cfg.useIBMCipherMappings=true -classpath .:/opt/mqm/java/lib/com.ibm.mq.jmqi.jar:/opt/mqm/java/lib/com.ibm.mq.jar MQProducerSSLgot exception MQJE001: Completion Code '2', Reason '2393' com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2393'.at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:232)at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:553)at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:593)at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:96)at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:198)at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:893)at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:780)at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:729)at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:177)at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:674)at MQProducerSSL.main(MQProducerSSL.java:89)Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'localhost(2017)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Cannot support TLS_RSA_WITH_AES_256_CBC_SHA256 with currently installed providers],3=localhost/127.0.0.1:2017 (localhost),4=SSLSocket.createSocket,5=default]],3=localhost(2017),5=RemoteTCPConnection.makeSocketSecure]MQEnvironment.sslFipsRequired = false;MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_128_CBC_SHA256";ALTER CHANNEL(TEST.CH) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)/apps/hostlink/java/jdk1.7.0_21/jdk1.7.0_21/bin/java -Dcom.ibm.mq.cfg.preferTLS=true -Dcom.ibm.mq.cfg.useIBMCipherMappings=false -classpath .:/opt/mqm/java/lib/com.ibm.mq.jmqi.jar:/opt/mqm/java/lib/com.ibm.mq.jar MQProducerSSLMQJE001: Completion Code '2', Reason '2397'.MQJE001: Completion Code '2', Reason '2397'.com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'. at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:232) at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:553) at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:593) at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:96) at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:198) at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:893) at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:780) at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:729) at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:177) at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:674) at MQProducerSSL.main(MQProducerSSL.java:89)Worked below TLSv1----Spec---- TLS_RSA_WITH_DES_CBC_SHA---Suite---- SSL_RSA_WITH_DES_CBC_SHATLSv1 TRUE Not working , when given below parameters , throwing **MQJE001: Completion Code '2', Reason '2400'**-Dcom.ibm.mq.cfg.useIBMCipherMappings=false-Dcom.ibm.mq.cfg.preferTLS=truedoubt on TLSv1 , if TLSv1 working without above parameters , why need to provide -Dcom.ibm.mq.cfg.preferTLS=true for TLSv2?even with IBM-JDK 7.1 also TLSv2 not working, what could be issue?Need to try with MQ8?Complete Exception in consoleMQJE001: Completion Code '2', Reason '2397'.com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'. at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:232) at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:553) at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:593) at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:96) at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:198) at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:893) at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:780) at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:729) at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:177) at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:674) at MQProducerSSL.main(MQProducerSSL.java:89)Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'localhost(2017)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Error signing certificate verify],3=localhost/127.0.0.1:2017 (localhost),4=SSLSocket.startHandshake,5=default]],3=localhost(2017),5=RemoteTCPConnection.protocolConnect] at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347) at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:924) at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:221) ... 10 moreCaused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Error signing certificate verify],3=localhost/127.0.0.1:2017 (localhost),4=SSLSocket.startHandshake,5=default] at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1310) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:714) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709) ... 13 moreCaused by: javax.net.ssl.SSLHandshakeException: Error signing certificate verify at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:987) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:285) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1280) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1273) at java.security.AccessController.doPrivileged(Native Method) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1271) ... 18 moreCaused by: java.security.NoSuchAlgorithmException: SHA224withRSA Signature not available at java.security.Signature.getInstance(Signature.java:224) at sun.security.ssl.JsseJce.getSignature(JsseJce.java:241) at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1552) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:982) ... 29 morefrom AMQERR01.LOG----- amqrmrsa.c : 930 --------------------------------------------------------01/31/2017 08:45:00 PM - Process(14444.328) User(mqm) Program(amqrmppa) Host(testvm) Installation(Installation1) VRMF(7.1.0.7) QMgr(TLSTEST.QM)AMQ9665: SSL connection closed by remote end of channel '????'.EXPLANATION:The SSL or TLS connection was closed by the remote host 'localhost (127.0.0.1)'during the secure socket handshake. The channel is '????'; in some cases itsname cannot be determined and so is shown as '????'. The channel did not start.ACTION:Check the remote end of the channel for SSL and TLS errors. Fix them andrestart the channel.----- amqccisa.c : 6478 -------------------------------------------------------01/31/2017 08:45:00 PM - Process(14444.328) User(mqm) Program(amqrmppa) Host(testvm) Installation(Installation1) VRMF(7.1.0.7) QMgr(TLSTEST.QM)AMQ9492: The TCP/IP responder program encountered an error.EXPLANATION:The responder program was started but detected an error.The host name was 'localhost (127.0.0.1)'; in some cases the host name cannotbe determined and so is shown as '????'.ACTION:Look at previous error messages in the error files to determine the errorencountered by the responder program.----- amqrmrsa.c : 930 --------------------------------------------------------removed old jars from classpath , but still same exceptionConsole Output have below lines printed for Algorithmmatching alias: ibmwebspheremqtlstest.qm*** Certificate chainchain [0] = [[ Version: V3 Signature Algorithm: SHA1withRSA,In client , passing key.jks file , which is created at MQ level with 'runmqckm'whether need to specify different Algorithm on creation for TLSv2 ?SSLContext sslContext = SSLContext.getInstance("TLSv1.2");Oracle JDK8 MQEnvironment.sslFipsRequired = false;MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_128_CBC_SHA256";ALTER CHANNEL(TEST.CH) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)IBM-JDK 7.1 MQEnvironment.sslFipsRequired = false;MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_NULL_SHA256";ALTER CHANNEL(TEST.CH) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_NULL_SHA256)But question on how to work any TLSv2 cipher with lesser version of Oracle java than 8?To resolve/work-around the issue:will try one by one1) use the IBM JVM2) test with Oracle Java v83) Try MQ v84) other option to set SSLCAUTH=OPTIONAL and not require client side certificate. Now Trying to do the same with JDK8 + MQ8 , MQServer8 and MQSeriesGSKit-8.0.0-4.x86_64 installed , but now issue with creating certificate with runmqckm commandexport LD_LIBRARY_PATH=/opt/mqm/gskit8/lib64export PATH=$PATH:/opt/mqm/gskit8/binrunmqckmbash: runmqckm: command not foundpartially Worked with runmqakmBut failed to create jks files as below runmqakm -keydb -create -db /var/mqm/qmgrs/TLSTEST\!QM/ssl/key.jks -pw password -type jksCTGSK3017W The database type "jks" is not recognized.ResolvedNo Need to set below path export LD_LIBRARY_PATH=/opt/mqm/gskit8/lib64export PATH=$PATH:/opt/mqm/gskit8/bin 解决方案 IBM MQ Fix Pack 7.1.0.7 released November 19th 2015 includes the following APAR:IV73396: DEPRECATION OF SSLV3 CIPHERSPECS IN WEBSPHERE MQ V7 QUEUE MANAGERSThis was a result of SSLv3 being formally deprecated in June 2015 as a result of the IETF approving and publishing RFC7568There is a very good IBM developerWorks blog post "SSL and TLS Cipher Specification Deprecations for the MQ Product" posted May 19 2016 by Miguel A. Rodriguez that goes into detail about which ciphers are deprecated in various Fix Packs.I would recommend that you find a supported TLSv1.2 cipher to use that is compatible with both the Java client and the IBM MQ SVRCONN channel. There were many updates as a result of SSLv3 being deprecated which opened up more TLS ciphers to Java clients using either IBM or Non-IBM JREs.A good write up about the changes IBM made to the Java client cipher support is IBM developerWorks blog post "MQ Java, TLS Ciphers, Non-IBM JREs & APARs IT06775, IV66840, IT09423, IT10837 -- HELP ME PLEASE!" posted on June 9th 2016 by Tom Leend.The reason you do not have a problem with IBM MQ v6.0.2.12 is because that version has been out of support for over four years (since September 30th 2012) and IBM would not release any security updates for a End of Service version like it does for supported versions.I would recommend that you move to a supported version of IBM MQ. When considering which version to upgrade to, note that two of the currently supported versions will be going out of support over the next 16 months:MQ v7.1 goes out of support in less than four months on April 30th 2017.MQ v7.5 goes out of support on April 30th 2018.MQ v8.0 and v9.0 do not have currently announced end of support dates.IBM developerWorks blog post "MQ Java, TLS Ciphers, Non-IBM JREs & APARs IT06775, IV66840, IT09423, IT10837 -- HELP ME PLEASE!" states that APAR IV66840 which added the useIBMCipherMappings setting is included in 7.1.0.7 and this should allow the use of TLSv1.2 Cipherspecs with a Oracle JRE.The table in the APAR IV66840 has this information:If you compare that to the v7.1 Knowledge center page Specifying CipherSpecs, you find that all three of those are TLSv1.2 Cipherspecs.For comparison with the IBM JRE Ciphersuite name, the v7.1 Knowledge center page SSL CipherSpecs and CipherSuites in WebSphere MQ classes for Java lists a similar mapping:IBM CipherSuite IBM MQ CipherSpecSSL_RSA_WITH_NULL_SHA256 TLS_RSA_WITH_NULL_SHA256SSL_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHASSL_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256The MQ CipherSpec TLS_RSA_WITH_RC4_128_SHA256 is not one of those listed in APAR IV66840 has having been enabled for non-IBM JREs under MQ v7.1, it is only listed under v8.0. Above I listed the three TLSv1.2 CipherSpecs that were added to MQ v7.1.I would suggest you try TLS_RSA_WITH_AES_256_CBC_SHA256 as the CipherSpec on the MQ channel and TLS_RSA_WITH_AES_256_CBC_SHA256 as the Java CipherSuite.The settings below should work with the my suggested CipherSpec/CipherSuite, please note that I changed it from TLSv1 to TLSv1.2 SSLContext sslContext = SSLContext.getInstance("TLSv1.2");-Dcom.ibm.mq.cfg.preferTLS=true-Dcom.ibm.mq.cfg.useIBMCipherMappings=falseIn your question you mention these jar files in your classpath: /tmp/mqssl/com.ibm.mq.jmqi.jar:/tmp/mqssl/com.ibm.mq.jarWill you please confirm which version of the IBM MQ product each of these are from, you can do this on linux with the unzip utility:unzip -p com.ibm.mq.jar META-INF/MANIFEST.MF|grep Implementation-VersionOutput will be:Implementation-Version: x.x.x.x - pxxx-xxx-YYMMDDAPAR IV66840 which includes the -Dcom.ibm.mq.cfg.useIBMCipherMappings=false setting is not included in MQ until v7.1.0.7, this is the version you stated is being used.Based on the output you provided the jar files you are referencing are from a v7.1.0.1 install which does not include support for TLS on non-IBM JREs such as Oracle JRE.You also note that the jar files are in /tmp/mqssl, please note that prior to v8 of MQ IBM does not support copying the jar files outside of the default location where they are installed.IBM Technote "Supported way to install WebSphere MQ Java jar files, JMS jar files, or C/C++ libraries" states:If your application is on the same server as the MQ v7.1.0.7 Queue Manager then you can just reference the jar file that are in the directory /opt/mqm/java/lib.If your application is not on the same server and you plan to stay with v7.1 or go with v7.5 I would recommend installing the latest full client install, see my note above on suggestions for versions based on when they are End of Service.If you decide to go with v8 or v9, IBM Technote "Supported way to install WebSphere MQ Java jar files, JMS jar files, or C/C++ libraries" also states:What this means is that with v8.0.0.4 and higher you can download a MQ JMS and Java only redistributable client.The MQ JMS and Java only redistributable client client packages are available from FixCentral here.After searching on the error you are receiving I found this dW Answers post "Why do I get AMQ9771, 2393 SSL Initialization error from a MQ Java/JMS application when trying to use an TLS AES 256 cipher?". It states that the following:The link above to the oracle site states:I would suggest that you either use the lower CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256, or follow the advise above to obtain and install the JCE Unlimited Strength Jurisdiction Policy Files.The error that caught my eye was Caused by: java.security.NoSuchAlgorithmException: SHA224withRSA Signature not available.I searched on google for this and found the following dW Answers post "How to resolve issue with MQ v7.x Java client getting SSL error NoSuchAlgorithmException: SHA224withRSA Signature not available?" which states the following:In the above link the table of interest is under "The SunRsaSign Provider" which lists the following supported signature algorithms:Note that SHA224withRSA is not on the list.The same dW Answers post goes on to state:In the above link the table of interest is under "The SunRsaSign Provider" which lists the following supported signature algorithms:Note that SHA224withRSA is on the list.Recommendations from the dW post:Try with Oracle Java 8 (1.8)Try with IBM JavaTaking into account all of the information gathered through the troubleshooting above the answer is that it is not possible to use a TLSv1.2 cipher with a Oracle Java less than 8 using MQ v7.1.0.7 MQ Java client.Based on the last dW Answers post I provided, IBM suggested trying with MQ v8, but I do not think they tested this configuration so it may also not work.If you do want to try with MQ v8 I would suggest you go with the latest v8.0.0.5 Java only redistributable client client packages which I provided links already. 这篇关于启用S​​SL时如何更正IBM MQ错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！