FIPS support in MFT

Managed File Transfer supports the use of FIPS-compliant cryptography modules in client connections from agents, commands, and the IBM MQ Explorer to queue managers. All SSL connections to the queue manager use the TLS protocol only. Support is provided for JKS and PKCS#12 keystore types.

Specify whether you want to enable FIPS support for an agent, a coordination queue manager, or a command queue manager as follows:

  • To enable FIPS for a specific agent, set the appropriate agentSsl properties in the agent.properties file for that agent. For more information, see SSL properties for MFT.
  • To enable FIPS for a specific coordination queue manager, set the appropriate coordinationSsl properties in the coordination.properties file for that coordination queue manager. For more information, see SSL properties for MFT.
  • To enable FIPS for a specific command queue manager, set the appropriate connectionSsl properties in the command.properties file for that command queue manager. For more information, see SSL properties for MFT.

FIPS is not supported on Managed File Transfer for IBM i.

FIPS is not supported on connections to or from a protocol bridge or a Connect:Direct bridge.

For more information about IBM MQ and FIPS and the configuration steps required, see Federal Information Processing Standards (FIPS).

To use FIPS, the CipherSuite must be FIPS-compliant or the connection fails. For more information about the CipherSpecs supported by IBM MQ, see SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for Java and SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS.
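As an added example (not IBM's code), the following Python sketch audits the contents of an agent.properties, coordination.properties, or command.properties file for the settings described above: whether FIPS is required, whether the keystore type is JKS or PKCS#12, and whether a cipher is set. The property names (`<prefix>FipsRequired`, `<prefix>KeyStoreType`, `<prefix>CipherSuite`, and so on) and the `jks` default are not listed on this page and are assumed to match the SSL properties for MFT reference; the token check is a heuristic, not a list of FIPS-compliant CipherSuites.

```python
# Added example: audit MFT properties text for FIPS-related SSL settings.
PREFIX_BY_FILE = {
    "agent.properties": "agentSsl",
    "coordination.properties": "coordinationSsl",
    "command.properties": "connectionSsl",
}
SUPPORTED_STORE_TYPES = {"jks", "pkcs12"}           # JKS and PKCS#12 only
NON_FIPS_TOKENS = ("RC4", "MD5", "NULL", "EXPORT")  # heuristic; passing it proves nothing


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(filename, text):
    """Return a list of findings; an empty list means no issue was detected."""
    prefix = PREFIX_BY_FILE[filename]
    props = parse_properties(text)
    findings = []
    if props.get(prefix + "FipsRequired", "false").lower() != "true":
        findings.append(prefix + "FipsRequired is not true: FIPS is not enforced")
    for store in ("KeyStore", "TrustStore"):
        if prefix + store in props:
            kind = props.get(prefix + store + "Type", "jks").lower()  # assumed default
            if kind not in SUPPORTED_STORE_TYPES:
                findings.append(f"{prefix}{store}Type={kind} is not JKS or PKCS#12")
    cipher = props.get(prefix + "CipherSuite") or props.get(prefix + "CipherSpec")
    if not cipher:
        findings.append("no CipherSuite/CipherSpec set")
    elif any(tok in cipher.upper() for tok in NON_FIPS_TOKENS):
        findings.append(f"cipher {cipher} uses a non-FIPS algorithm")
    return findings


WEAK = "agentSslCipherSpec=RC4_MD5_US\nagentSslKeyStore=/var/mft/key.jceks\nagentSslKeyStoreType=jceks\n"  # constructed sample
GOOD = ("agentSslFipsRequired=true\nagentSslCipherSuite=TLS_RSA_WITH_AES_128_CBC_SHA256\n"
        "agentSslKeyStore=/var/mft/key.p12\nagentSslKeyStoreType=pkcs12\n")  # constructed sample

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("good", GOOD)):
        print(name, audit("agent.properties", text))
```

A clean result only means none of these checks fired; whether a given CipherSuite is FIPS-compliant must still be confirmed against the CipherSpec tables referenced above.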
