SSL Cipher Specification (SSLCIPH)
The SSLCIPH attribute specifies a single CipherSpec for a TLS connection.
Every IBM MQ channel definition includes the SSLCIPH attribute. The value is a string with a maximum length of 32 characters.
The SSLCIPH attribute is valid only for channels with a transport type (TRPTYPE) of TCP. If the TRPTYPE is not TCP, the data is ignored and no error message is issued.
Notes:
- The SSLCIPH attribute can contain a blank value, meaning that we are not using TLS. If one end of the channel has a blank SSLCIPH attribute, the other end of the channel must also have a blank SSLCIPH attribute.
- Alternatively, if SSLCIPH contains a nonblank value, the channel attempts to use the specified cipher to use TLS. Again, in this case, both ends of the channel must specify the same SSLCIPH value.
- The only exception to the rule that SSLCIPH must be the same at both ends of a channel is that a fully-managed .NET client can specify the special value *NEGOTIATE. This option allows the channel to select the most recent protocol version supported by the .NET framework, and negotiate a CipherSpec that the server supports.
For more information about SSLCIPH, see DEFINE CHANNEL and Specify CipherSpecs.
Parent topic: Channel attributes in alphabetical order