Error MQException caught: 2059 - MQRC_Q_MGR_NOT_AVAILABLE .Net Core Linux Docker Container IBM MQ, caused by cipherspec mismatch

Problem description

I have a .NET Core managed client running in a Linux Docker container. I am trying to connect to the IBM message queue using SSL, and it connects successfully using TLS_RSA_WITH_AES_128_CBC_SHA256. I tested again by asking them to change the server to AES_256. However, when they switch to AES_256, i.e. I try the same on TLS_RSA_WITH_AES_256_CBC_SHA256, I get 2059 - MQRC_Q_MGR_NOT_AVAILABLE.

In Windows, you can specify the default cipher spec by going to the Group Policy editor, for example: https://docs.microsoft.com/en-us/windows-server/security/tls/manage-tls. My question is how do I do that in the Docker container. The image I use is from Microsoft: dotnet/core/aspnet:3.1-buster-slim. Here is my code for reference:

    using System;
    using System.Collections;
    using IBM.WMQ; // MQC, MQQueueManager (IBM MQ managed .NET client)

    class Program
    {
        private static string _host = "GH2134";
        private static int _port = 1414;
        private static string _channel = "AES256.TEST.CHANNEL";
        private static string _qmgr = "MQMGR";
        // CipherSpec requested by the client; the channel on the queue manager must use the same one
        private static string _cipherSpec = "TLS_RSA_WITH_AES_256_CBC_SHA256";
        private static string _mqUser = "mymqUser";
        private static string _mqPassword = "mymqPassword@";
        private static string _keyRepository = "*USER";

        static void Main()
        {
            // Connection properties for the fully managed client
            var properties = new Hashtable();
            properties.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED);
            properties.Add(MQC.HOST_NAME_PROPERTY, _host);
            properties.Add(MQC.PORT_PROPERTY, _port);
            properties.Add(MQC.CHANNEL_PROPERTY, _channel);
            properties.Add(MQC.USER_ID_PROPERTY, _mqUser);
            properties.Add(MQC.PASSWORD_PROPERTY, _mqPassword);
            // TLS settings: CipherSpec and certificate store
            properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, _cipherSpec);
            properties.Add(MQC.SSL_CERT_STORE_PROPERTY, _keyRepository);

            var queueManager = new MQQueueManager(_qmgr, properties);
            Console.Write("Connection created successfully...\n\n");
        }
    }


I checked the installed ciphers in bash with openssl ciphers -v and didn't find TLS_RSA_WITH_AES_256_CBC_SHA256. How do I add it, like in the Windows Group Policy editor?

root@097aa5a44f52:/app# openssl ciphers -v
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA384
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1

Update: I verified by downgrading the NuGet version of IBM® Message Service Client for .NET Standard (XMS .NET) from 9.2.2 to 9.1.4. I was surprised to find that I get the 2059 error with TLS_RSA_WITH_AES_128_CBC_SHA256 as well, so I might also guess that this could be a bug in IBM's client library?

Recommended answer

I can answer my own question. I did the tests with an older library version of the IBMXMS NuGet packages. It did not support AES 128 either. There is currently a bug in the official IBMXMS .NET library: it does not support the CipherSpec TLS_RSA_AES_256_WITH_RSA_SHA256 in the latest one. It supports AES128.

However, this is the case only in the Linux environment. In Windows, AES 256 works, provided that it's also changed to the same spec in Group Policy. Here is a link on how to do it: https://docs.microsoft.com/en-us/windows-server/security/tls/manage-tls

Hence, if you are using IBM's .Net Client Core in Linux, then only up to TLS_RSA_AES_128_WITH_RSA_SHA256 is supported unless IBM releases a new library DLL or a NuGet package that supports it. As of now, the version I am using is from NuGet, IBMXMSDotnetClient Version="9.2.2". In OpenSSL, there is already support.
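An added example, not part of the original post: OpenSSL lists suites under its own alias names, so searching plain openssl ciphers -v output for the standard name finds nothing, even though TLS_RSA_WITH_AES_256_CBC_SHA256 is present as AES256-SHA256. The function below looks a CipherSpec up by standard name in openssl ciphers -stdname -v output (assumes OpenSSL 1.1.1 or later); the helper name lookup_suite and the SAMPLE lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find a CipherSpec by its standard (IANA) name in
# `openssl ciphers -stdname -v` output and report the OpenSSL alias.

# Constructed sample in the "-stdname" layout; alias and attribute columns
# match entries from the listing in the question.
SAMPLE='TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
TLS_RSA_WITH_AES_256_CBC_SHA256 - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 - AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256'

# lookup_suite STDNAME   (cipher listing on stdin)
# Prints "<openssl-alias> <protocol>" and returns 0 when the suite is listed;
# prints nothing and returns 1 when it is not.
lookup_suite() {
    awk -v want="$1" '
        $1 == want && $2 == "-" { print $3, $4; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# Check the two CipherSpecs from the question against the sample listing.
# Inside the container, pipe the live listing instead:
#   openssl ciphers -stdname -v | lookup_suite TLS_RSA_WITH_AES_256_CBC_SHA256
for spec in TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256; do
    if hit=$(printf '%s\n' "$SAMPLE" | lookup_suite "$spec"); then
        echo "$spec -> $hit"
    else
        echo "$spec -> not offered by this OpenSSL build"
    fi
done
```

A hit only shows that the container's OpenSSL offers the suite; it says nothing about which suites the IBM client library will negotiate.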
