FIPS support in MFT

Managed File Transfer supports the use of FIPS-compliant cryptography modules in client connections from agents, commands, and the IBM MQ Explorer to queue managers. All SSL connections to the queue manager use the TLS protocol only. Support is provided for JKS and PKCS#12 keystore types.

Specify whether you want to enable FIPS support for an agent, a coordination queue manager, or a command queue manager as follows:

• If you want to enable FIPS for a specific agent, set the appropriate agentSsl properties in the agent.properties file for that agent. For more information, see SSL properties for MFT.
• If you want to enable FIPS for a specific coordination queue manager, set the appropriate coordinationSsl properties in the coordination.properties file for that coordination queue manager. For more information, see SSL properties for MFT.
• If you want to enable FIPS for a specific command queue manager, set the appropriate connectionSsl properties in the command.properties file for that command queue manager. For more information, see SSL properties for MFT.

FIPS is not supported on Managed File Transfer for IBM i.

FIPS is not supported on connections to or from a protocol bridge or a Connect:Direct® bridge.

For more information about IBM MQ and FIPS and the configuration steps required, see Federal Information Processing Standards (FIPS).

If you want to use FIPS, the CipherSuite must be FIPS-compliant or the connection fails. For more information about the CipherSpecs supported by IBM MQ, see SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for Java™ and SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS.