FIX: MQSC Adapter fails when SSL and Microsoft MQ Client are used

You set the SSL Channel Definition to use SSL, and you set the Use Microsoft MQ Client option to Yes. When you do this, the MQSC Adapter fails, and the following error is logged for a receive location or send port in the Application event log:

This issue is fixed in Cumulative Update 2 for Host Integration Server 2016.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Fixes included in the cumulative update enable SSL to work when you use the Microsoft MQ Client. However, even with these fixes applied, a failure may occur because of the way that the IBM WebSphere server handles SSL. In certain situations, the connection may be closed without a reason code when the receive location or a send port is started. This is because the IBM WebSphere server is expecting one specific CipherSpec code scheme. However, in .NET Framework the SSL stream automatically sends the complete list of supported CipherSpecs that the client can handle. The Microsoft MQ Client is implemented on .NET Framework SSL and has no control of the CipherSpecs that are sent. If the first CipherSpec matches the CipherSpec that is configured on the Server-Connection Channel on the MQ Server, then everything will work.

If the connection fails, check the event log on the MQ Server for an event that indicates the specific incoming CipherSpec that failed. Then, in the Server-Connection Channel, specify the particular CipherSpec as the valid CipherSpec for incoming calls, and then retry the call.

Learn about the terminology Microsoft uses to describe software updates.