Batch heartbeating allows sender-type channels to determine whether the remote channel instance is still active, before going in-doubt. The value can be between 0 and 999999. A value of 0 indicates that batch heartbeating is not to be used. Batch heartbeat is measured in milliseconds.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
This is the approximate time in milliseconds that a channel will keep a batch open, if fewer than BatchSize messages have been transmitted in the current batch.
This parameter is supported in the following environments: AIX, HP-UX, i5/OS, Solaris, Windows, Linux and z/OS.
If BatchInterval is greater than zero, the batch is terminated by whichever of the following occurs first:
If BatchInterval is zero, the batch is terminated by whichever of the following occurs first:
BatchInterval must be in the range zero through 999 999 999.
This parameter applies only to channels with a ChannelType of: MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
The maximum number of messages that should be sent down a channel before a checkpoint is taken.
The batch size which is actually used is the lowest of the following:
The maximum number of uncommitted messages is specified by the MaxUncommittedMsgs parameter of the Change Queue Manager command.
Specify a value in the range 1-9999.
This parameter is not valid for channels with a ChannelType of MQCHT_SVRCONN or MQCHT_CLNTCONN.
The maximum length of the string is MQ_CHANNEL_DESC_LENGTH.
Use characters from the character set, identified by the coded character set identifier (CCSID) for the message queue manager on which the command is executing, to ensure that the text is translated correctly.
Specifies whether online monitoring data is to be collected and, if so, the rate at which the data is collected. The value can be:
Specifies whether statistics data is to be collected and, if so, the rate at which the data is collected. The value can be:
This parameter is valid only on AIX, HP-UX, Linux, i5/OS, Solaris, and Windows.
The name of the cluster to which the channel belongs.
This parameter applies only to channels with a ChannelType of:
Only one of the values of ClusterName and ClusterNamelist can be nonblank; the other must be blank.
The maximum length of the string is MQ_CLUSTER_NAME_LENGTH.
The name, of the namelist, that specifies a list of clusters to which the channel belongs.
This parameter applies only to channels with a ChannelType of:
Only one of the values of ClusterName and ClusterNamelist can be nonblank; the other must be blank.
Specify a value in the range zero through 9 where zero is the lowest priority and 9 is the highest.
This parameter applies only to channels with a ChannelType of:
For more information about this parameter, see WebSphere MQ Queue Manager Clusters.
Specify a value in the range zero through 9 where zero is the lowest priority and 9 is the highest.
This parameter applies only to channels with a ChannelType of:
For more information about this parameter, see WebSphere MQ Queue Manager Clusters.
Specify a weighting for the channel for use in workload management. Specify a value in the range 1 through 99 where 1 is the lowest priority and 99 is the highest.
This parameter applies only to channels with a ChannelType of:
For more information about this parameter, see WebSphere MQ Queue Manager Clusters.
Specifies how the command is executed when the queue manager is a member of a queue-sharing group. You can specify one of the following:
The maximum length is MQ_QSG_NAME_LENGTH.
On platforms other than z/OS, the maximum length of the string is MQ_CONN_NAME_LENGTH. On z/OS, it is MQ_LOCAL_ADDRESS_LENGTH.
Specify the name of the machine as required for the stated TransportType:
On z/OS, there are two forms in which to specify the value:
Form | Example |
---|---|
luname | IGY12355 |
luname/TPname | IGY12345/APING |
luname/TPname/modename | IGY12345/APINGD/#INTER |
For the first form, the TP name and mode name must be specified for the TpName and ModeName parameters; otherwise these parameters must be blank.
The specified or implied LU name can be that of a VTAM(R) generic resources group.
On z/OS, the connection name can include the IP_name of a z/OS dynamic DNS group or a network dispatcher input port. Do not include this for channels with a ChannelType value of MQCHT_CLUSSDR.
On a MQCHT_CLUSRCVR channel, the ConnectionName parameter is optional. On AIX, HP-UX, Linux, i5/OS, Solaris, or Windows MQCHT_CLUSRCVR channel, if you leave ConnectionName blank, WebSphere MQ generates a ConnectionName for you, assuming the default port and using the current IP address of the system.
0a0b0c0d.804abcde23a1(5e86)If the socket number is omitted, the WebSphere MQ default value (5e86 hex) is assumed.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_REQUESTER, MQCHT_CLNTCONN, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
The value can be:
This defines the maximum number of seconds that the channel waits for messages to be put on a transmission queue before terminating the channel. A value of zero causes the message channel agent to wait indefinitely.
Specify a value in the range 0 through 999 999.
This parameter is valid only for ChannelType values of MQCHT_SENDER MQCHT_SERVER, MQCHT_SVRCONN (on z/OS only), MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
For server-connection channels on z/OS using the TCP protocol, this is the minimum time in seconds for which the server-connection channel instance remains active without any communication from its partner client. A value of zero disables this disconnect processing. The server-connection inactivity interval only applies between MQ API calls from a client, so no client is disconnected during an extended MQGET with wait call. This attribute is ignored for server-connection channels using protocols other than TCP.
The list of header data compression techniques supported by the channel. For sender, server, cluster-sender, cluster-receiver, and client-connection channels, the values specified are in order of preference with the first compression technique supported by the remote end of the channel being used.
The channel's mutually supported compression techniques are passed to the sending channel's message exit where the compression technique used can be altered on a per message basis. Compression alters the data passed to send and receive exits.
Specify one or more of:
The interpretation of this parameter depends on the channel type, as follows:
This type of heartbeat is supported in the following environments: AIX, HP-UX, i5/OS, Solaris, Windows, and z/OS.
This type of heartbeat is supported in the following environments: AIX, HP-UX, i5/OS, Solaris, Windows, Linux and z/OS.
The value must be in the range 0 through 999 999. A value of 0 means that no heartbeat exchange occurs. The value that is actually used is the larger of the values specified at the sending side and receiving side.
Specifies the value passed to the communications stack for KeepAlive timing for the channel.
For this attribute to have any effect, TCP/IP keepalive must be enabled. On z/OS, you do this by issuing the Change Queue Manager with a value of MQTCPKEEP in the TCPKeepAlive parameter; if the TCPKeepAlive queue manager parameter has a value of MQTCPKEEP_NO, the value is ignored and the KeepAlive facility is not used.. On other platforms, TCP/IP keepalive is enabled when the KEEPALIVE=YES parameter is specified in the TCP stanza in the distributed queuing configuration file, qm.ini, or through the WebSphere(R) MQ Explorer. Keepalive must also be switched on within TCP/IP itself, using the TCP profile configuration data set.
Although this parameter is available on all platforms, its setting is implemented only on z/OS. On platforms other than z/OS, you can access and modify the parameter, but it is only stored and forwarded; there is no functional implementation of the parameter. This is useful in a clustered environment where a value set in a cluster-receiver channel definition on Solaris, for example, flows to (and is implemented by) z/OS queue managers that are in, or join, the cluster.
Specify either:
On platforms other than z/OS, if you need the functionality provided by the KeepAliveInterval parameter, use the HeartBeatInterval parameter.
The maximum length of the string is MQ_LOCAL_ADDRESS_LENGTH.
The value that you specify depends on the transport type (TransportType) to be used:
[ip-addr][(low-port[,high-port])]where ip-addr is specified in IPv4 dotted decimal, IPv6 hexadecimal notation, or alphanumeric form, and low-port and high-port are port numbers enclosed in parentheses. All are optional.
Use this parameter if you want a channel to use a particular IP address, port, or port range for outbound communications. This is useful when a machine is connected to multiple networks with different IP addresses.
Examples of use
Value | Meaning |
---|---|
9.20.4.98 | Channel binds to this address locally |
9.20.4.98 (1000) | Channel binds to this address and port 1000 locally |
9.20.4.98 (1000,2000) | Channel binds to this address and uses a port in the range 1000 to 2000 locally |
(1000) | Channel binds to port 1000 locally |
(1000,2000) | Channel binds to a port in the range 1000 to 2000 locally |
This parameter is valid for the following channel types:
When a sender or server channel is attempting to connect to the remote machine, and the count specified by ShortRetryCount has been exhausted, this specifies the maximum number of further attempts that are made to connect to the remote machine, at intervals specified by LongRetryInterval.
If this count is also exhausted without success, an error is logged to the operator, and the channel is stopped. The channel must subsequently be restarted with a command (it is not started automatically by the channel initiator), and it then makes only one attempt to connect, as it is assumed that the problem has now been cleared by the administrator. The retry sequence is not carried out again until after the channel has successfully connected.
Specify a value in the range 0 through 999 999 999.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
Specifies the long retry wait interval for a sender or server channel that is started automatically by the channel initiator. It defines the interval in seconds between attempts to establish a connection to the remote machine, after the count specified by ShortRetryCount has been exhausted.
The time is approximate; zero means that another connection attempt is made as soon as possible.
Specify a value in the range 0 through 999 999. Values exceeding this are treated as 999 999.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
Specifies the maximum message length that can be transmitted on the channel. This is compared with the value for the remote channel and the actual maximum is the lower of the two values.
The value zero means the maximum message length for the queue manager.
The lower limit for this parameter is 0. The upper limit depends on the environment:
This is reserved, and if specified can be set only to blanks.
The maximum length of the string is MQ_MCA_NAME_LENGTH.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_REQUESTER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
Specifies the type of the message channel agent program.
On AIX, HP-UX, i5/OS, Solaris, Windows and Linux, this parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_REQUESTER, or MQCHT_CLUSSDR.
On z/OS, this parameter is valid only for a ChannelType value of MQCHT_CLURCVR.
The value can be:
If this is nonblank, it is the user identifier which is to be used by the message channel agent for authorization to access WebSphere MQ resources, including (if PutAuthority is MQPA_DEFAULT) authorization to put the message to the destination queue for receiver or requester channels.
If it is blank, the message channel agent uses its default user identifier.
This user identifier can be overridden by one supplied by a channel security exit.
This parameter is not valid for channels with a ChannelType of MQCHT_CLNTCONN.
The maximum length of the MCA user identifier depends on the environment in which the MCA is running. MQ_MCA_USER_ID_LENGTH gives the maximum length for the environment for which your application is running. MQ_MAX_MCA_USER_ID_LENGTH gives the maximum for all supported environments.
On Windows, you can optionally qualify a user identifier with the domain name in the following format:
user@domain
The channel's mutually supported compression techniques are passed to the sending channel's message exit where the compression technique used can be altered on a per message basis. Compression will alter the data passed to send and receive exits.
Specify one or more of:
This is the LU 6.2 mode name.
The maximum length of the string is MQ_MODE_NAME_LENGTH.
This parameter is valid only for channels with a TransportType of MQXPT_LU62. It is not valid for receiver or server-connection channels.
If a nonblank name is defined, the exit is invoked immediately after a message has been retrieved from the transmission queue. The exit is given the entire application message and message descriptor for modification.
For channels with a channel type (ChannelType) of MQCHT_SVRCONN or MQCHT_CLNTCONN, this parameter is accepted but ignored, since message exits are not invoked for such channels.
The format of the string is the same as for SecurityExit.
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
In the following environments, a list of exit names can be specified by using an MQCFSL structure instead of an MQCFST structure: AIX, HP-UX, i5/OS, Solaris, Windows, Linux, and z/OS.
Specifies the number of times that a failing message should be retried.
Specify a value in the range 0 through 999 999 999.
This parameter is valid only for ChannelType values of MQCHT_RECEIVER, MQCHT_REQUESTER, or MQCHT_CLUSRCVR.
If a nonblank name is defined, the exit is invoked prior to performing a wait before retrying a failing message.
The format of the string is the same as for SecurityExit.
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
This parameter is valid only for ChannelType values of MQCHT_RECEIVER, MQCHT_REQUESTER, or MQCHT_CLUSRCVR.
Specifies the minimum time interval in milliseconds between retries of failing messages.
Specify a value in the range 0 through 999 999 999.
This parameter is valid only for ChannelType values of MQCHT_RECEIVER, MQCHT_REQUESTER, or MQCHT_CLUSRCVR.
Specifies user data that is passed to the message retry exit.
The maximum length of the string is MQ_EXIT_DATA_LENGTH.
This parameter is valid only for ChannelType values of MQCHT_RECEIVER, MQCHT_REQUESTER, or MQCHT_CLUSRCVR.
Specifies user data that is passed to the message exit.
The maximum length of the string is MQ_EXIT_DATA_LENGTH.
For channels with a channel type (ChannelType) of MQCHT_SVRCONN or MQCHT_CLNTCONN, this parameter is accepted but ignored, since message exits are not invoked for such channels.
In the following environments, a list of exit user data strings can be specified by using an MQCFSL structure instead of an MQCFST structure: AIX, HP-UX, i5/OS, Solaris, Windows, Linux, and z/OS.
The priority for the network connection. If there are multiple paths available, distributed queuing selects the path with the highest priority.
The value must be in the range 0 (lowest) through 9 (highest).
This parameter applies only to channels with a ChannelType of MQCHT_CLUSRCVR
This parameter is supported in the following environments: AIX, HP-UX, i5/OS, Solaris, Windows and Linux.
Specifying MQNPMS_FAST means that nonpersistent messages on a channel need not wait for a syncpoint before being made available for retrieval. The advantage of this is that nonpersistent messages become available for retrieval far more quickly. The disadvantage is that because they do not wait for a syncpoint, they might be lost if there is a transmission failure.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_RECEIVER, MQCHT_REQUESTER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR. The value can be:
This is used by the message channel agent when attempting to initiate a secure SNA session with a remote message channel agent. On HP OpenVMS, i5/OS, Compaq NonStop Kernel, and UNIX systems, it is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_REQUESTER, MQCHT_CLNTCONN, or MQCHT_CLUSSDR. On z/OS, it is valid only for a ChannelType value of MQCHT_CLNTCONN.
The maximum length of the string is MQ_PASSWORD_LENGTH. However, only the first 10 characters are used.
Specifies whether the user identifier in the context information associated with a message should be used to establish authority to put the message on the destination queue.
This parameter is valid only for channels with a ChannelType value of MQCHT_RECEIVER, MQCHT_REQUESTER, MQCHT_CLUSRCVR, or, on z/OS only, MQCHT_SVRCONN.
The value can be:
For channels with a ChannelType of MQCHT_CLNTCONN, this is the name of a queue manager to which a client application can request connection.
For channels of other types, this parameter is not valid. The maximum length of the string is MQ_Q_MGR_NAME_LENGTH.
Specifies the disposition of the object to which you are applying the command (that is, where it is defined and how it behaves). The value can be:
QSGDisposition | Change | Copy, Create |
---|---|---|
MQQSGD_COPY | The object definition resides on the page set of the queue manager that executes the command. The object was defined using a command that had the parameter MQQSGD_COPY. Any object residing in the shared repository, or any object defined using a command that had the parameters MQQSGD_Q_MGR, is not affected by this command. | The object is defined on the page set of the queue manager that executes the command using the MQQSGD_GROUP object of the same name as the ToChannelName object (for Copy) or ChannelName object (for Create). |
MQQSGD_GROUP | The object definition resides in the shared repository. The object
was defined using a command that had the parameter MQQSGD_GROUP. Any object
residing on the page set of the queue manager that executes the command (except
a local copy of the object) is not affected by this command.
If the command is successful, the following MQSC command is generated and sent to all active queue managers in the queue-sharing group to attempt to refresh local copies on page set zero: DEFINE CHANNEL(channel-name) CHLTYPE(type) REPLACE QSGDISP(COPY) The Change for the group object takes effect regardless of whether the generated command with QSGDISP(COPY) fails. |
The object definition resides in the shared repository.
This is allowed only if the queue manager is in a queue-sharing group.
If the definition is successful, the following MQSC command is generated and sent to all active queue managers in the queue-sharing group to attempt to make or refresh local copies on page set zero: DEFINE CHANNEL(channe-name) CHLTYPE(type) REPLACE QSGDISP(COPY) The Copy or Create for the group object takes effect regardless of whether the generated command with QSGDISP(COPY) fails. |
MQQSGD_PRIVATE | The object resides on the page set of the queue manager
that executes the command, and was defined with MQQSGD_Q_MGR or MQQSGD_COPY.
Any object residing in the shared repository is unaffected. |
Not permitted. |
MQQSGD_Q_MGR | The object definition resides on the page set of the queue
manager that executes the command. The object was defined using a command
that had the parameter MQQSGD_Q_MGR. Any object residing in the shared repository,
or any local copy of such an object, is not affected by this command.
This is the default value. |
The object is defined on the page set of the queue manager
that executes the command.
This is the default value. |
If a nonblank name is defined, the exit is invoked before data received from the network is processed. The complete transmission buffer is passed to the exit and the contents of the buffer can be modified as required.
The format of the string is the same as for SecurityExit.
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
In the following environments, a list of exit names can be specified by using an MQCFSL structure instead of an MQCFST structure: AIX, HP-UX, i5/OS, Solaris, Windows, Linux, and z/OS.
Specifies user data that is passed to the receive exit.
The maximum length of the string is MQ_EXIT_DATA_LENGTH.
In the following environments, a list of exit user data strings can be specified by using an MQCFSL structure instead of an MQCFST structure: AIX, HP-UX, i5/OS, Solaris, Windows, Linux, and z/OS.
The value can be:
If ChannelType is MQCHT_CLUSSDR, MQRP_YES can be specified only if the channel was created manually.
If a nonblank name is defined, the security exit is invoked at the following times:
Before any messages are transferred, the exit is given the opportunity to instigate security flows to validate connection authorization.
Any security message flows received from the remote processor on the remote machine are passed to the exit.
The exit is given the entire application message and message descriptor for modification.
The format of the string depends on the platform, as follows:
libraryname(functionname)
progname libnamewhere progname occupies the first 10 characters, and libname the second 10 characters (both blank-padded to the right if necessary).
dllname(functionname)where dllname is specified without the suffix ".DLL".
imagename(functionname)
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
Specifies user data that is passed to the security exit.
The maximum length of the string is MQ_EXIT_DATA_LENGTH.
If a nonblank name is defined, the exit is invoked immediately before data is sent out on the network. The exit is given the complete transmission buffer before it is transmitted; the contents of the buffer can be modified as required.
The format of the string is the same as for SecurityExit.
The maximum length of the exit name depends on the environment in which the exit is running. MQ_EXIT_NAME_LENGTH gives the maximum length for the environment in which your application is running. MQ_MAX_EXIT_NAME_LENGTH gives the maximum for all supported environments.
In the following environments, a list of exit names can be specified by using an MQCFSL structure instead of an MQCFST structure: AIX, HP-UX, i5/OS, Solaris, Windows, Linux, and z/OS.
Specifies user data that is passed to the send exit.
The maximum length of the string is MQ_EXIT_DATA_LENGTH.
In the following environments, a list of exit user data strings can be specified by using an MQCFSL structure instead of an MQCFST structure: AIX, HP-UX, i5/OS, Solaris, Windows, Linux, and z/OS.
Specifies the maximum message sequence number. When the maximum is reached, sequence numbers wrap to start again at 1.
The maximum message sequence number is not negotiable; the local and remote channels must wrap at the same number.
Specify a value in the range 100 through 999 999 999.
This parameter is not valid for channels with a ChannelType of MQCHT_SVRCONN or MQCHT_CLNTCONN.
The maximum number of attempts that are made by a sender or server channel to establish a connection to the remote machine, at intervals specified by ShortRetryInterval before the (normally longer) LongRetryCount and LongRetryInterval are used.
Retry attempts are made if the channel fails to connect initially (whether it is started automatically by the channel initiator or by an explicit command), and also if the connection fails after the channel has successfully connected. However, if the cause of the failure is such that retry is unlikely to be successful, retries are not attempted.
Specify a value in the range 0 through 999 999 999.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
Specifies the short retry wait interval for a sender or server channel that is started automatically by the channel initiator. It defines the interval in seconds between attempts to establish a connection to the remote machine.
The time is approximate; zero means that another connection attempt is made as soon as possible.
Specify a value in the range 0 through 999 999. Values exceeding this are treated as 999 999.
This parameter is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR.
The length of the string is MQ_SSL_CIPHER_SPEC_LENGTH.
This parameter is valid only for channels with a transport type (TRPTYPE) of TCP. If the TRPTYPE is not TCP, the data is ignored and no error message is issued.
The SSLCIPH values must specify the same CipherSpec on both ends of the channel. For more information about working with CipherSpecs, see the WebSphere MQ Security book.
Specify the name of the CipherSpec that you are using. Alternatively, on i5/OS, and z/OS, you can specify the two-digit hexadecimal code.
The following table shows the CipherSpecs that can be used with WebSphere MQ SSL.
On i5/OS, installation of AC3 is a prerequisite of the use of SSL.
CipherSpec name | Hash algorithm | Encryption algorithm | Encryption bits | FIPS on Windows and UNIX platforms1 |
---|---|---|---|---|
NULL_MD5
Note:
Available
on all platforms. |
MD5 | None | 0 | No |
NULL_SHA
Note:
Available
on all platforms |
SHA-1 | None | 0 | No |
RC4_MD5_EXPORT
Note:
Available on all platforms |
MD5 | RC4 | 40 | No |
RC4_MD5_US
Note:
Available
on all platforms |
MD5 | RC4 | 128 | No |
RC4_SHA_US
Note:
Available
on all platforms |
SHA-1 | RC4 | 128 | No |
RC2_MD5_EXPORT
Note:
Available on all platforms |
MD5 | RC2 | 40 | No |
DES_SHA_EXPORT
Note:
Available on all platforms |
SHA-1 | DES | 56 | No |
RC4_56_SHA_EXPORT1024
Notes:
|
SHA-1 | RC4 | 56 | No |
DES_SHA_EXPORT1024
Notes:
|
SHA-1 | DES | 56 | No |
TRIPLE_DES_SHA_US
Note:
Not available for i5/OS |
SHA-1 | 3DES | 168 | No |
TLS_RSA_WITH_AES_128_CBC_SHA
Notes:
|
SHA-1 | AES | 128 | Yes |
TLS_RSA_WITH_AES_256_CBC_SHA
Notes:
|
SHA-1 | AES | 256 | Yes |
AES_SHA_US
Note:
Available on i5/OS(TM) only |
SHA-1 | AES | 128 | No |
TLS_RSA_WITH_DES_CBC_SHA
Notes:
|
SHA-1 | DES | 56 | Yes |
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Notes:
|
SHA-1 | 3DES | 168 | Yes |
FIPS_WITH_DES_CBC_SHA
Note:
Available only on Windows and UNIX platforms |
SHA-1 | DES | 56 | Yes |
FIPS_WITH_3DES_EDE_CBC_SHA
Note:
Available only on Windows and UNIX platforms |
SHA-1 | 3DES | 168 | Yes |
Notes:
|
When you request a personal certificate, you specify a key size for the public and private key pair. The key size that is used during the SSL handshake can depend on the size stored in the certificate and on the CipherSpec:
If the SSLCIPH parameter is blank, no attempt is made to use SSL on the channel.
The value can be:
Defines whether WebSphere MQ requires a certificate from the SSL client.
The initiating end of the channel acts as the SSL client, so this applies to the end of the channel that receives the initiation flow, which acts as the SSL server.
The parameter is used only for channels with SSLCIPH specified. If SSLCIPH is blank, the data is ignored and no error message is issued.
On platforms other than z/OS, the length of the string is MQ_SSL_PEER_NAME_LENGTH. On z/OS, it is MQ_SSL_SHORT_PEER_NAME_LENGTH.
Specifies the filter to use to compare with the Distinguished Name of the certificate from the peer queue manager or client at the other end of the channel. (A Distinguished Name is the identifier of the SSL certificate.) If the Distinguished Name in the certificate received from the peer does not match the SSLPEER filter, the channel does not start.
This parameter is optional; if it is not specified, the Distinguished Name of the peer is not checked at channel start up. (The Distinguished Name from the certificate is still written into the SSLPEER definition held in memory, and passed to the security exit). If SSLCIPH is blank, the data is ignored and no error message is issued.
This parameter is valid for all channel types.
The SSLPEER value is specified in the standard form used to specify a Distinguished Name. For example: SSLPEER('CN="xxx yyy zzz",O=xxx,C=xxx')
You can use a semi-colon as a separator instead of a comma.
The possible attribute types supported are:
CN | common name |
T | title |
OU | organizational unit name |
O | organization name |
L | locality name |
ST, SP(TM) or S | state or province name |
C | country |
WebSphere MQ only accepts upper case letters for the attribute types.
If any of the unsupported attribute types are specified in the SSLPEER string, an error is output either when the attribute is defined or at run time (depending on which platform you are running on), and the string is deemed not to have matched the flowed certificate's Distinguished Name.
If the flowed certificate's Distinguished Name contains multiple OU (organisational unit) attributes, and SSLPEER specifies these attributes to be compared, they must be defined in descending hierarchical order. For example, if the flowed certificate's Distinguished Name contains the OUs OU=Large Unit,OU=Medium Unit,OU=Small Unit, specifying the following SSLPEER values will work:
('OU=Large Unit,OU=Medium Unit') ('OU=*,OU=Medium Unit,OU=Small Unit') ('OU=*,OU=Medium Unit')
but specifying the following SSLPEER values will fail:
('OU=Medium Unit,OU=Small Unit') ('OU=Large Unit,OU=Small Unit') ('OU=Medium Unit')
Any or all of the attribute values can be generic, either an asterisk (*) on its own, or a stem with initiating or trailing asterisks. This allows the SSLPEER to match any Distinguished Name value, or any value starting with the stem for that attribute.
If an asterisk is specified at the beginning or end of any attribute value in the Distinguished Name on the certificate, you can specify \* to check for an exact match in SSLPEER. For example, if you have an attribute of CN=Test* in the Distinguished Name of the certificate, you can use the following command:
SSLPEER('CN=Test\*')
This is the LU 6.2 transaction program name.
The maximum length of the string is MQ_TP_NAME_LENGTH.
This parameter is valid only for channels with a TransportType of MQXPT_LU62. It is not valid for receiver channels.
No check is made that the correct transport type has been specified if the channel is initiated from the other end. The value can be:
This value is supported in Windows. It also applies to z/OS for defining client-connection channels that connect to servers on the platforms supporting NetBIOS.
This value is supported in Windows. It also applies to z/OS for defining client-connection channels that connect to servers on the platforms supporting SPX.
This value is supported in the following environment: HP OpenVMS.
This is used by the message channel agent when attempting to initiate a secure SNA session with a remote message channel agent. On HP OpenVMS, i5/OS, Compaq NonStop Kernel, UNIX systems, it is valid only for ChannelType values of MQCHT_SENDER, MQCHT_SERVER, MQCHT_REQUESTER, MQCHT_CLNTCONN, MQCHT_CLUSSDR, or MQCHT_CLUSRCVR. On z/OS, it is valid only for a ChannelType value of MQCHT_CLNTCONN.
The maximum length of the string is MQ_USER_ID_LENGTH. However, only the first 10 characters are used.
The maximum length of the string is MQ_Q_NAME_LENGTH.
A transmission queue name is required (either previously defined or specified here) if ChannelType is MQCHT_SENDER or MQCHT_SERVER. It is not valid for other channel types.
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csqzac0460 |