Using TLSv1.2 for connecting to IBM WebSphere JNDI

Question

I have a legacy application which is using Spring 3.2.4 and is connecting to an IBM WebSphere JMS queue resolved via JNDI. Following are the Spring beans for connection factory and the JNDI template.

<bean id="queueConnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiTemplate" ref="jndi-template-1" />
    <property name="jndiName" value="FOO" />
    <property name="lookupOnStartup" value="false"/>
    <property name="proxyInterface" value="javax.jms.ConnectionFactory"/>
</bean>

<bean id="jndi-template-1" class="org.springframework.jndi.JndiTemplate">
   <property name="environment">
      <props>
         <prop key="java.naming.factory.initial">com.ibm.websphere.naming.WsnInitialContextFactory</prop>
         <prop key="java.naming.provider.url">${jndi-url}</prop>
      </props>
   </property>
</bean>

Recently the WebSphere server has been upgraded and restricted to allow only TLSv1.2 connections. Since the client is currently using TLSv1, connections are rejected.

Is there a way to configure the JNDI template to use TLSv1.2 for client connections?

Answer 1

3 things you need to check for in your legacy application:

• Is it running Java 8 or higher
• Is it using IBM MQ JAR files v8.0.0.9 or higher
• Is the JNDI QCF/TCF entry using a CipherSuite that is TLS 1.2 - you can check out supported TLS v1.2 CipherSuites for IBM MQ here.