From the beginning, the protocol used by IBM MQ channels (queue manager and client channels) was designed to work any version to any version. You could have older clients talking to newer queue managers, and newer clients talking to older queue managers.
You could also have queue managers communicating even though they were all different versions too.
This works because at the beginning of a connection, the two partners negotiate what they are capable of doing, and use the lowest common denominator for this particular conversation. This does mean an older version cannot utilise features in the newer release, because it isn’t aware of their existence.
Any supported version and release of an IBM MQ client can connect to any supported version and release of an IBM MQ queue manager. The MQI channel is automatically configured to the latest version that both the client and server support. If the client and server are different versions, the client application must use only the functions in the earlier version.
IBM Docs: Compatibility between different versions of an IBM MQ client and a queue manager
Similar considerations about sticking to the lowest common denominator for the features you use apply the clustered queue managers and are covered here. I’ll stick to clients for the contents of this post.
Most of the time, as an MQ administrator, you are entirely unaware of what version of the protocol any particular channel connection is using, although it is exposed through channel exits where you can request the protocol version to be downgraded lower than the negotiation might have picked.
However, having a design for a protocol that works any to any version is not the end of the story. There is also the business of support. IBM only supports the more recent versions of IBM MQ. Each version of MQ, when released, has an expected life-span, and End of Support announcements are made when a version is nearing the end of its life-span. Testing of version to version compatibility is done by IBM, but not for every version to every version. You will be unsurprised to learn that IBM does not support the connection of a V5.0 client to a V9.3 queue manager, even if it does appear to work.
Moreover, there are considerations beyond just thinking about the protocol. For example, are all your SVRCONN channels configured to expect an SSL/TLS protected connection? This immediately puts your lowest client version at V5.3 (the release that introduced the SSL feature). Are you running a queue manager that has deprecated all the weaker CipherSpecs? If so, the oldest introduced TLS 1.2 CipherSpec that has not been deprecated was introduced at V7 (see the second table in Deprecated CipherSpecs), making that your lowest client version. In house security policies may raise this to even newer versions of the MQ client.
While making sure your client version isn’t out of support is advisable, it is also worth noting that generally speaking later versions of any software (with the possible exception of the most recent one!) are likely to be more stable and better performing with new features one can exploit. Upgrading software should not only be done because not doing so leaves you vulnerable. And to upgrade an IBM MQ client does not cost you any software purchasing dollars – yes, time and effort sure, but hard cash, no.
You may think, why bother? Old MQ clients DO still work, I’ve never had any problems, MQ’s backward compatibility has always been great. Well, past performance is not always indicative of future results. Sometimes fixes will break that compatibility. One such example was recently raised with APAR IT42945 – IBM MQ CVE-2023-28513 [CVSS base score 5.9] where the fix DID break old, out-of-support V5.2 and V5.3 Java clients. You can read more about that issue at here.
Whatever your reason to find, and upgrade, any back-level clients, the process to find them is the same. The client version is a piece of data that has had an increasingly visible journey. You may be aware that the version of the MQ client is something that is flowed across to the server. Originally it was just used to write out in trace for IBM Service; then it was added as output on DISPLAY CHSTATUS
; and then in MQ V8.0.0.3 it was given to channel exits, and then in MQ V9.1.0, it was added to MQI accounting records. This latter location is the best place to pick it up because you can let the queue manager spot all the client connections and write out the data. You might miss a few if you just rely on using channel status.
When collecting the data about a client application that is using an old version of MQ, the most interesting information will be the application name and the IP address. This can help you locate the machine where the application is running in order to persuade the owner to upgrade the version of MQ used there.
MQEV can help you collect this information as we wrote about here.
Extra reading
The following links may also be useful when thinking about back-level clients, or trying to persuade application owners to upgrade.