Table 34 lists the CipherSpecs supported by WebSphere MQ and their equivalent CipherSuites. The table also indicates whether a WebSphere MQ Java application can establish a connection to a queue manager if a CipherSpec is specified at the server end of the MQI channel and the equivalent CipherSuite is specified at the client end.
For each combination of CipherSpec and CipherSuite, whether a WebSphere MQ base Java application can connect to a queue manager depends on the value of the sslFipsRequired field in the MQEnvironment class, or on the value of the environment property MQC.SSL_FIPS_REQUIRED_PROPERTY. Similarly, whether a WebSphere MQ JMS application can connect to a queue manager depends on the value of the SSLFIPSREQUIRED property of the ConnectionFactory object.
At the server end of an MQI channel, the name of a CipherSpec can be specified as the value of the SSLCIPH parameter on a DEFINE CHANNEL CHLTYPE(SVRCONN) command. At the client end of an MQI channel, the name of a CipherSuite can be specified in the following ways:
CipherSpec | Equivalent CipherSuite | Connection possible if SFIPS1 is set to NO? | Connection possible if SFIPS1 is set to YES? |
---|---|---|---|
NULL_MD5 | SSL_RSA_WITH_NULL_MD5 | Yes | No |
NULL_SHA | SSL_RSA_WITH_NULL_SHA | Yes | No |
RC4_MD5_EXPORT | SSL_RSA_EXPORT_WITH_RC4_40_MD5 | Yes | No |
RC4_MD5_US | SSL_RSA_WITH_RC4_128_MD5 | Yes | No |
RC4_SHA_US | SSL_RSA_WITH_RC4_128_SHA | Yes | No |
RC2_MD5_EXPORT | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | Yes | No |
DES_SHA_EXPORT | SSL_RSA_WITH_DES_CBC_SHA | Yes | No |
RC4_56_SHA_EXPORT1024 | SSL_RSA_EXPORT1024_WITH_RC4_56_SHA | No | No |
DES_SHA_EXPORT1024 | SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA | No | No |
TRIPLE_DES_SHA_US | SSL_RSA_WITH_3DES_EDE_CBC_SHA | Yes | No |
TLS_RSA_WITH_AES_128_CBC_SHA | SSL_RSA_WITH_AES_128_CBC_SHA | No | Yes |
TLS_RSA_WITH_AES_256_CBC_SHA | SSL_RSA_WITH_AES_256_CBC_SHA | No | Yes |
AES_SHA_US2 | |||
TLS_RSA_WITH_DES_CBC_SHA | SSL_RSA_WITH_DES_CBC_SHA | No | Yes |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | SSL_RSA_WITH_3DES_EDE_CBC_SHA | No | Yes |
FIPS_WITH_DES_CBC_SHA | SSL_RSA_FIPS_WITH_DES_CBC_SHA | Yes | No |
FIPS_WITH_3DES_EDE_CBC_SHA | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | Yes | No |
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
jsslcs |