CipherSuite and CipherSpec name mappings for connections to an IBM MQ queue manager
The InitialContext translates between the JMSAdmin Connection Factory property SSLCIPHERSUITE and the XMS near-equivalent XMSC_WMQ_SSL_CIPHER_SPEC. A similar translation is necessary if you specify a value for XMSC_WMQ_SSL_CIPHER_SUITE but omit value for XMSC_WMQ_SSL_CIPHER_SPEC.
Table 1 lists the available CipherSpecs and their JSSE CipherSuite equivalents.
| CipherSpec | Equivalent JSSE CipherSuite |
|---|---|
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| TLS_RSA_WITH_AES_128_CBC_SHA | SSL_RSA_WITH_AES_128_CBC_SHA |
| TLS_RSA_WITH_AES_256_CBC_SHA | SSL_RSA_WITH_AES_256_CBC_SHA |
| TLS_RSA_WITH_DES_CBC_SHA | SSL_RSA_WITH_DES_CBC_SHA |
- TLS_RSA_WITH_3DES_EDE_CBC_SHA is deprecated. However, it can still be used to transfer up to 32 GB of data before the connection is terminated with error AMQ9288. To avoid this error, you need to either avoid using triple DES, or enable secret key reset when using this CipherSpec.