SSL Connectivity issue due to 2400 MQRC

Weblogic to MQ Connectivity failing with 2400 Reason code

Trying to connect to QMGR using SVRCONN channel and cipher TLS_RSA_WITH_AES_256_CBC_SHA256 . When we try to connect it is always given MQRC 2400 or 2393 errors.

While use the TLS_RSA_WITH_AES_256_CBC_SHA256, we are getting the error below . TLS_RSA_WITH_AES_256_CBC_SHA256 is confiugred at MQ side in the SVRCONN Channel

Caused by: JMSCMQ0001: WebSphere MQ call failed with compcode ‘2’ (‘MQCC_FAILED’) reason ‘2400’ (‘MQRC_UNSUPPORTED_CIPHER_SUITE’).

If we use the SSL_RSA_WITH_AES_256_CBC_SHA256, we are getting the error below error (RC=2393;)

Caused by: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_RSA_WITH_AES_256_CBC_SHA],3=xx.xx.xx.xx/xx.xxxx.xx:1414 (x.xx.xx.xx),4=SSLSocket.createSocket,5=default]
Completion Code 2 (MQCC_FAILED), Reason Code 2393 (MQRC_SSL_INITIALIZATION_ERROR)


If using an IBM JRE, then the default ciphersuite mappings should be fine.

If using an Oracle (non-IBM) JRE, you must disable the default ciphersuite mappings,so that the ciphersuite you specify is used for the non-IBM JRE.

To disable the ciphersuite mappings for a non-IBM runtime environments, the following Java System Property must be set:
The 2400 MQRC_UNSUPPORTED_CIPHER_SUITE error commonly occurs if using a non-IBM JRE (like Oracle JRE) and not having the MQ required JVM system argument set:

If we are using Oralce JAVA for Weblogic then set .This will allow IBM MQ to use oracle ciphers suite names while connecting like TLS_RSA_WITH_AES_256_CBC_SHA256

If JAVA version is below 161 then we need to download[UnlimitedJCEPolicyJDK8] JCE Unlimited Strength Jurisdiction Policy Files ()to use a SHA256 Cipher Suite. For latest java version UnlimitedJCEPolicy files are alread there to support SHA256 .

If we get any SSL handshake due to the nature of implementation try to add below to override default keystore and truststore

Issues resolved After Adding in Weblogic JVM arguments for 2400 with cipher TLS_RSA_WITH_AES_256_CBC_SHA256 for handshake .

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *