SSL Cipher Specification (SSLCIPH)

SSL Cipher Specification (SSLCIPH)

This attribute specifies a single CipherSpec for a TLS connection.

Every IBM MQ channel definition includes the SSLCIPH attribute. The value is a string with a maximum length of 32 characters.
Note the following:

The SSLCIPH attribute can contain a blank value, meaning that you are not using TLS. If one end of the channel has a blank SSLCIPH attribute, the other end of the channel must also have a blank SSLCIPH attribute.
Alternatively, if SSLCIPH contains a nonblank value, the channel attempts to use the specified cipher to use TLS. Again, in this case, both ends of the channel must specify the same SSLCIPH value.
The only exception to the rule that SSLCIPH must be the same at both ends of a channel, is that a fully-managed .NET client can specify the special value *NEGOTIATE. This option allows the channel to select the most recent protocol version supported by the .NET framework, and negotiate a CipherSpec that the server supports.

It is valid only for channels with a transport type (TRPTYPE) of TCP. If the TRPTYPE is not TCP, the data is ignored and no error message is issued.

For more information about SSLCIPH, see DEFINE CHANNEL and Specifying CipherSpecs.

Parent topic: Channel attributes in alphabetical order