SHA-2 cipher specifications and cipher suites

WebSphere® MQ File Transfer Edition supports SHA-2 cipher specifications and cipher suites on the IBM® i and z/OS® platforms only.

To enable use of SHA-2 cipher specifications and cipher suites on connections between agents and WebSphere MQ queue managers, you must use WebSphere MQ File Transfer Edition V7.0.4.3 with APAR IC93851 applied; and IBM JREs 6.0 SR13 FP2, 7.0 SR4 FP2, or later.

For more information about cipher specifications and cipher suites that are available to use on IBM i and z/OS on connections between agents and WebSphere MQ queue managers, see SSL CipherSpecs and CipherSuites.

To enable use of SHA-2 cipher specifications and cipher suites to connect to an FTPS server using the protocol bridge in FTPS mode, you must use WebSphere MQ File Transfer Edition V7.0.4.4 or later; and IBM JREs 6.0 SR13 FP2, 7.0 SR4 FP2, or later.

For more information about configuring cipher suites for use with the protocol bridge agent, see FTPS server support by the protocol bridge and Protocol bridge properties file format. For a list of valid cipher suite values, see Cipher suites in the IBM SDK and Runtime Environment Java™ Technology Edition Version 7 product documentation.

If you want to comply with SP 800-131A, you must satisfy the following requirements:
  • You must use FTPS, which you have configured appropriately; SFTP is not supported.
  • The remote server must send SP 800-131A-compliant cipher suites only.

Reference Reference

Feedback

Timestamp icon Last updated: Tuesday, 30 January 2018
http://www.ibm.com/support/knowledgecenter/SSEP7X_7.0.4/com.ibm.wmqfte.doc/sha2_restrict.htm