FipsRequired (MQLONG)
This field allows you to specify that only FIPS-certified algorithms are used if the cryptography is provided in WebSphere MQ-provided software. WebSphere MQ can be configured with cryptographic hardware so that the cryptography modules used are those provided by the hardware product; these can either be FIPS-certified, or not, to a particular level depending on the cryptographic hardware product in use.
When WebSphere MQ is installed, an implementation of SSL cryptography is also installed, which provides some FIPS-certified modules. The values can be:
- MQSSL_FIPS_NO
  - This is the default value. When set to this value:
    - Any CipherSpec supported on a particular platform can be used.
    - If run without use of cryptographic hardware, the following CipherSpecs run using FIPS 140-2 certified cryptography on the WebSphere MQ V6.0 platforms:
      - TLS_RSA_WITH_DES_CBC_SHA
      - TLS_RSA_WITH_3DES_EDE_CBC_SHA
      - FIPS_WITH_DES_CBC_SHA
      - FIPS_WITH_3DES_EDE_CBC_SHA
      - TLS_RSA_WITH_AES_128_CBC_SHA
      - TLS_RSA_WITH_AES_256_CBC_SHA
- MQSSL_FIPS_YES
  - When set to this value, unless you are using cryptographic hardware to perform the cryptography, you can be sure that:
    - Only FIPS-certified cryptographic algorithms can be used in the CipherSpecs allowed on all SSL connections from, and to, this queue manager.
    - Inbound and outbound SSL channel connections only succeed if one of the following CipherSpecs is used:
      - TLS_RSA_WITH_DES_CBC_SHA
      - TLS_RSA_WITH_3DES_EDE_CBC_SHA
      - FIPS_WITH_DES_CBC_SHA
      - FIPS_WITH_3DES_EDE_CBC_SHA
      - TLS_RSA_WITH_AES_128_CBC_SHA
      - TLS_RSA_WITH_AES_256_CBC_SHA
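
Because MQSSL_FIPS_YES makes SSL channel connections fail unless they use one of the CipherSpecs listed above, it is worth checking existing channel definitions before switching it on. The following is an added example, not IBM-supplied code: the function name `audit_channels` is hypothetical, the input is assumed to be the text output of the MQSC command `DISPLAY CHANNEL(*) SSLCIPH`, and the sample output is constructed.

```python
import re

# CipherSpecs the page lists as accepted under MQSSL_FIPS_YES.
FIPS_CIPHERSPECS = frozenset({
    "TLS_RSA_WITH_DES_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "FIPS_WITH_DES_CBC_SHA",
    "FIPS_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
})

# MQSC prints attributes as KEYWORD(value), several per line (assumed format).
ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")

def audit_channels(mqsc_output):
    """Map each channel to 'ok', 'would-fail' or 'no-ssl' under MQSSL_FIPS_YES."""
    results = {}
    current = None
    for line in mqsc_output.splitlines():
        for key, value in ATTR.findall(line):
            value = value.strip()
            if key == "CHANNEL":
                current = value
                results[current] = "no-ssl"  # until an SSLCIPH value is seen
            elif key == "SSLCIPH" and current is not None and value:
                # A blank SSLCIPH means the channel does not use SSL at all,
                # so the CipherSpec restriction does not apply to it.
                results[current] = "ok" if value in FIPS_CIPHERSPECS else "would-fail"
    return results

# Constructed sample of DISPLAY CHANNEL(*) SSLCIPH output.
SAMPLE = """\
AMQ8414: Display Channel details.
   CHANNEL(QM1.TO.QM2)                     CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA)
AMQ8414: Display Channel details.
   CHANNEL(APP.SVRCONN)                    CHLTYPE(SVRCONN)
   SSLCIPH(RC4_MD5_US)
AMQ8414: Display Channel details.
   CHANNEL(ADMIN.SVRCONN)                  CHLTYPE(SVRCONN)
   SSLCIPH( )
"""

if __name__ == "__main__":
    for name, status in audit_channels(SAMPLE).items():
        print(f"{name:20} {status}")
```

Channels reported as `would-fail` need their CipherSpec changed on both ends before the queue manager is set to MQSSL_FIPS_YES.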