Does BPM 8.0 support TLS 1.2?
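I have installed BPM 8.0 on AIX 7.1; the detailed product version list is below.
The question is whether this environment supports TLS 1.2. I am setting up a connection from BPM to IBM MQ, and the IBM MQ log shows that the remote channel did not specify a CipherSpec, while the local channel requires a CipherSpec to be specified.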
Product List
--------------------------------------------------------------------------------
BPMPS installed
ND installed
Installed Product
--------------------------------------------------------------------------------
Name IBM Business Process Manager Advanced V8.0 - Process Server
Version 8.0.1.3
ID BPMPS
Build Level 20140814-155433
Build Date 8/14/14
Package com.ibm.bpm.PS.V80_8.0.1003.20140814_1722
Architecture PPC64
Installed Features Production
Business Process Manager Advanced - Client (always installed)
Installed Product
--------------------------------------------------------------------------------
Name IBM WebSphere Application Server Network Deployment
Version 8.0.0.13
ID ND
Build Level cf131705.01
Build Date 2/1/17
Package com.ibm.websphere.ND.v80_8.0.13.20170202_0013
Architecture PPC64
Installed Features IBM 64-bit SDK for Java, Version 6
EJBDeploy tool for pre-EJB 3.0 modules
Embeddable EJB container
Stand-alone thin clients and resource adapters
--------------------------------------------------------------------------------
Java Version:
java version "1.6.0"
Java(TM) SE Runtime Environment (build pap6460_26sr8fp35ifix-20170120_01(SR8 FP35+IV90630+IV90578+IX90178))
IBM J9 VM (build 2.6, JRE 1.6.0 AIX ppc64-64 Compressed References 20161005_321286 (JIT enabled, AOT enabled)
J9VM - R26_Java626_SR8_20161005_1305_B321286
JIT - tr.r11_20161001_125404
GC - R26_Java626_SR8_20161005_1305_B321286_CMPRSS
J9CL - 20161005_321286)
JCL - 20161020_01
--------------------------------------------------------------------------------
MQ log:
----- amqzfubx.c : 624 -------------------------------------------------------- 08/01/17 17:54:55 - Process(6619304.1735) User(mqm) Program(amqrmppa)
Host(test.test.com) Installation(Installation2)
VRMF(7.5.0.6) QMgr(MQ******)
AMQ9639: Remote channel '***.SVRCONN' did not specify a CipherSpec.
EXPLANATION: Remote channel '***.SVRCONN' did not specify a CipherSpec when the local channel expected one to be specified.
The remote host is ''test.test.com (1**.1**.1**.1**)' .
The channel did not start. ACTION: Change the remote channel '***.SVRCONN' on host 'test.test.com (1**.1**.1**.1**)' to specify a CipherSpec so that both ends of the channel have matching CipherSpecs.
--------------------------------------------------------------------------------
Based on the information you provided, you tried to use the following two SHA2 CipherSuites:
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA256
Short answer:
No, you will not be able to use SHA2 CipherSuites with the current versions of the products you are using.
Details:
You are running IBM BPM 8.0.1.3, which was released August 15 2014 and will be End of Support September 30 2017.
In the link above, note that BPM 8.0.1.3 was bundled with WAS 8.0.0.9, but your output shows you are running 8.0.0.13, which was released February 20 2017 and will be End of Support April 30 2018.
WAS 8.0.0.13 shipped with IBM MQ RA 7.0.1.3, which was released August 13 2015. The main MQ product went End of Support September 30 2015, but this link states that the RA will still be supported because it is bundled with a supported version of BPM.
According to the IBM MQ v7.0.1 Knowledge Center page "SSL CipherSpecs and CipherSuites", this version of MQ does not support these SHA2 CipherSuites or any TLS 1.2 CipherSuites.
The queue manager error log entry shows it is at 7.5.0.6. The IBM MQ v7.5 Knowledge Center page "SSL CipherSpecs and CipherSuites in JMS" does show support for one of the two SHA2 CipherSuites you tried. I know based on some KC feedback I provided and APAR IV66840 that it actually supports both, but the page has not yet been updated. Please see the equivalent IBM MQ Classes for Java page "SSL CipherSpecs and CipherSuites in WebSphere MQ classes for Java", which has been updated to list both.
Conclusion:
To get IBM MQ SHA2 support you need to use IBM MQ RA v7.1 or later. This version of IBM MQ is currently unsupported as a product, but it is bundled with WAS 8.5, and WAS 8.5 with BPM v8.5. Since BPM 8.0 goes End of Support at the end of next month, hopefully this is something you are already planning.
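A way to check the JVM layer of this question, as an added example that is not part of the original answer: the Java 6-compatible probe below asks JSSE whether a TLSv1.2 context can be created and whether the two suites from the question are offered. It says nothing about the MQ resource adapter, which the answer identifies as the limiting component; the class name `Tls12Probe` is an assumption.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example: JVM-level (JSSE) probe only. It does not exercise the MQ RA.
public class Tls12Probe {
    // The two suites from the question, without prefix. The question's names use
    // SSL_; other JSSE providers name the same suites TLS_, so both are checked.
    static final String[] SUITES = {
        "RSA_WITH_AES_256_CBC_SHA256",
        "RSA_WITH_AES_128_CBC_SHA256"
    };

    // Returns an initialised TLSv1.2 context, or null if the JVM has none.
    static SSLContext tls12Context() throws Exception {
        try {
            SSLContext ctx = SSLContext.getInstance("TLSv1.2");
            ctx.init(null, null, null); // default key and trust managers
            return ctx;
        } catch (NoSuchAlgorithmException e) {
            return null; // no installed JSSE provider implements TLS 1.2
        }
    }

    static boolean supportsSuite(SSLContext ctx, String baseName) {
        SSLParameters p = ctx.getSupportedSSLParameters();
        Set<String> supported = new HashSet<String>(Arrays.asList(p.getCipherSuites()));
        return supported.contains("SSL_" + baseName) || supported.contains("TLS_" + baseName);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLContext ctx = tls12Context();
        if (ctx == null) {
            System.out.println("TLSv1.2: not available in this JVM");
            return;
        }
        System.out.println("TLSv1.2: available; supported protocols = "
            + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        for (String s : SUITES) {
            System.out.println(s + ": " + (supportsSuite(ctx, s) ? "supported" : "NOT supported"));
        }
    }
}
```

Run it with the same JDK that the application server uses, so the result reflects the JSSE provider the server actually loads.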