Channel SSL Error

Event name: Channel SSL Error.
Reason code in MQCFH: MQRC_CHANNEL_SSL_ERROR (2371, X'943').
Channel SSL Error.
Event description: This condition is detected when a channel using Transport Layer Security (TLS) fails to establish a connection. ReasonQualifier identifies the nature of the error.
Event type: SSL.
Platforms: All.
Event queue: SYSTEM.ADMIN.CHANNEL.EVENT.


Event data

    QMgrName

    Description: Name of the queue manager generating the event.
    Identifier: MQCA_Q_MGR_NAME.
    Data type: MQCFST.
    Maximum length: MQ_Q_MGR_NAME_LENGTH.
    Returned: Always.

    ReasonQualifier

    Description: Identifier that qualifies the reason code.
    Identifier: MQIACF_REASON_QUALIFIER.
    Data type: MQCFIN.
    Values:

      MQRQ_SSL_HANDSHAKE_ERROR
      The key exchange / authentication failure arose during the TLS handshake.

      MQRQ_SSL_CIPHER_SPEC_ERROR
      This error can mean any one of the following:

      • The TLS client CipherSpec does not match that on the TLS server channel definition.
      • An invalid CipherSpec has been specified.
      • A CipherSpec has only been specified on one end of the TLS channel.

      MQRQ_SSL_PEER_NAME_ERROR
      The Distinguished Name in the certificate sent by one end of the TLS channel does not match the peer name on the end of the channel definition at the other end of the TLS channel.

      MQRQ_SSL_CLIENT_AUTH_ERROR
      The TLS server channel definition specified either SSLCAUTH(REQUIRED) or a SSLPEER value that was not blank, but the TLS client did not provide a certificate.

    Returned: Always.

    ChannelName

    Description: Channel Name.
    Identifier: MQCACH_CHANNEL_NAME.
    Data type: MQCFST.
    Maximum length: MQ_CHANNEL_NAME_LENGTH.
    Returned: The ChannelName might not be available if the channel has not yet got far enough through its start-up process, in this case the channel name will not be returned. Otherwise always.

    XmitQName

    Description: Transmission queue name.
    Identifier: MQCACH_XMIT_Q_NAME.
    Data type: MQCFST.
    Returned: For sender, server, cluster-sender and cluster-receiver channels only.

    ConnectionName

    Description: If the channel has successfully established a TCP connection, this is the Internet address. Otherwise it is the contents of the ConnectionName field in the channel definition.
    Identifier: MQCACH_CONNECTION_NAME.
    Data type: MQCFST.
    Maximum length: MQ_CONN_NAME_LENGTH.
    Returned: The ConnectionName might not be available if the channel has not yet got far enough through its start-up process, in this case the connection name will not be returned. Otherwise always.

    SSLHandshakeStage

    Description: Information about the TLS function call giving the error. For z/OS, details of function names can be found in the System Secure Sockets Layer Programming Guide and Reference SC24-5877.
    Identifier: MQCACH_SSL_HANDSHAKE_STAGE.
    Data type: MQCFST.
    Maximum length: MQ_SSL_HANDSHAKE_STAGE_LENGTH.
    Returned: This field is only present if ReasonQualifier is set to MQRQ_SSL_HANDSHAKE_ERROR.

    SSLReturnCode

    Description: A numeric return code from a failing TLS call. Details of TLS Return Codes for specific platforms can be found as follows:

    Identifier: MQIACH_SSL_RETURN_CODE.
    Data type: MQCFIN.
    Returned: This field is only present if ReasonQualifier is set to MQRQ_SSL_HANDSHAKE_ERROR.

    SSLPeerName

    Description: The Distinguished Name in the certificate sent from the remote system.
    Identifier: MQCACH_SSL_PEER_NAME.
    Data type: MQCFST.
    Maximum length: MQ_DISTINGUISHED_NAME_LENGTH.
    Returned: This field is only present if ReasonQualifier is set to MQRQ_SSL_PEER_NAME_ERROR and is not always present for this reason qualifier.

Parent topic: Event message descriptions