java 发生 MQException:完成代码 2,原因 2400 MQJE011:套接字连接尝试被拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/35292388/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
An MQException occurred: Completion Code 2, Reason 2400 MQJE011: Socket connection attempt refused
提问by user2652204
I wrote a program to put messages into MQ . It works fine when I don't have SSL configuration in place. If I configure SSL in QueueManager and Channel, always getting An MQException occurred: Completion Code 2, Reason 2400 MQJE011: Socket connection attempt refused. Tried with different cipher suite Please advise how to resolve it.
我编写了一个程序将消息放入 MQ 。当我没有 SSL 配置时它工作正常。如果我在 QueueManager 和 Channel 中配置 SSL,总是会发生 An MQException:完成代码 2,原因 2400 MQJE011:套接字连接尝试被拒绝。尝试使用不同的密码套件 请告知如何解决。
SSL properties :
SSL 属性:
com.ibm.mq.MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_256_GCM_SHA384";
System.setProperty("javax.net.ssl.trustStore", "D:/keystore/testKS.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "12345678");
System.setProperty("javax.net.ssl.keyStore", "D:/keystore/testKS.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "12345678");
回答by vaquar khan
This answer specific to Java code .
此答案特定于 Java 代码。
Java JREs, including Oracle/Sun and IBM's have Import Limits on Cryptographic Algorithms enabled. This limits the maximum key sizes and also some algorithms.
Java JRE,包括 Oracle/Sun 和 IBM 启用了对加密算法的导入限制。这限制了最大密钥大小和一些算法。
When trying to use a AES 256 cipher, such as ECDHE_RSA_AES_256_CBC_SHA384or TLS_RSA_WITH_AES_256_CBC_SHA256, you need to ensure JRE supports this cipher. In most cases, when the stronger cipher algorithms are needed, such as AES 256 ciphers, the JCE Unlimited Strength Jurisdiction Policy Files must be obtained and installed in the JDK/JRE.
尝试使用 AES 256 密码时,例如ECDHE_RSA_AES_256_CBC_SHA384或TLS_RSA_WITH_AES_256_CBC_SHA256,您需要确保 JRE 支持此密码。在大多数情况下,当需要更强的密码算法(例如 AES 256 密码)时,必须获取 JCE Unlimited Strength Jurisdiction Policy Files 并将其安装在 JDK/JRE 中。
This is mentioned in the JDK/JRE documentation: For Oracle 1.7:
JDK/JRE 文档中提到了这一点:对于 Oracle 1.7:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
For IBM JRE: ** Cipher suites that use AES_256 require installation of the JCE Unlimited Strength Jurisdiction Policy Files.
对于 IBM JRE:** 使用 AES_256 的密码套件需要安装 JCE Unlimited Strength Jurisdiction Policy Files。
This is similar to the issue noted with IBM MQ Explorer in :
这类似于 IBM MQ Explorer 中记录的问题:
Please updated this JAR File run with MSPKI and Cipher value “TLS_RSA_WITH_AES_256_CBC_SHA”
请使用 MSPKI 和密码值“TLS_RSA_WITH_AES_256_CBC_SHA”更新此 JAR 文件运行
New policy jar which will support all the algorithms, you need to update jars into your C:\java-8\jdk1_8_0\jre\lib\security
将支持所有算法的新策略 jar,您需要将 jar 更新到您的C:\java-8\jdk1_8_0\jre\lib\security
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
回答by Morag Hughson
The MQRC return code you were given is a very strong hint. Your first act to diagnose any problem should be to look up the MQRC number. You can do this quickly at a command prompt on any machine with MQ installed by typing
您收到的 MQRC 返回码是一个非常强烈的提示。诊断任何问题的第一步应该是查找 MQRC 编号。您可以在任何安装了 MQ 的机器上的命令提示符下快速执行此操作,方法是键入
mqrc 2400
You can also look it up in Knowledge Center.
您也可以在知识中心中查找。
MQRC_UNSUPPORTED_CIPHER_SUITE (2400)
MQRC_UNSUPPORTED_CIPHER_SUITE (2400)
If you read the more detailed information at the above link that fully describes the reason code, you will see that it means the JSSE does not support that cipher.
如果您在上面完整描述原因代码的链接中阅读了更详细的信息,您会发现这意味着 JSSE 不支持该密码。
@Shashi has given you the answer in the comment above that the cipher you are using was very recently introduced.
@Shashi 在上面的评论中给了你答案,你使用的密码是最近引入的。
