SSL servers do not detect mismatches
in the following circumstances:
- When an SSL client channel on UNIX(R) or Windows(R) (at WebSphere(R) MQ Version
6.0 or higher) specifies the DES_SHA_EXPORT1024 CipherSpec, and
the corresponding SSL server channel on UNIX or Windows (at WebSphere MQ Version
6.0 or higher) is using the DES_SHA_EXPORT CipherSpec
- When an SSL client channel on UNIX or Windows (at WebSphere MQ Version
6.0 or higher) specifies the DES_SHA_EXPORT1024 CipherSpec and
the corresponding SSL server channel on Windows (at WebSphere MQ Version
5.3) is using the DES_SHA_EXPORT CipherSpec
- When an SSL client channel on Windows (at WebSphere MQ Version
5.3) specifies the DES_SHA_EXPORT CipherSpec and the corresponding
SSL server channel on UNIX or Windows (at WebSphere MQ Version
6.0 or higher) is using the DES_SHA_EXPORT1024 CipherSpec
WebSphere MQ does not detect these mismatches for one or both of the following
reasons:
- At Version 5.3, WebSphere MQ cannot change the handshake key
size at channel start on Windows systems, so WebSphere MQ for Windows does
not support the DES_SHA_EXPORT1024 CipherSpec. The operating system
SSL support might set the handshake key size to 1024 bits based, for example,
on information held in the certificates.
- On all platforms, the SSL support cannot detect which platform is at the
other end of the SSL channel.
In these circumstances, the channel runs normally.