Disabling SSL/TLS on clustered queue managers and channels

To turn off TLS, set the SSLCIPH parameter to ' '. Disable TLS on the cluster channels individually, changing all the cluster receiver channels before the cluster sender channels.


About this task

Change one cluster receiver channel at a time, and allow the changes to flow through the cluster before changing the next. Important: Ensure that we do not change the reverse path until the changes for the current channel have been distributed throughout the cluster.


Procedure

  1. Set the value of the SSLCIPH parameter to ' ', an empty string in a single quotation mark , or *NONE on IBM® i . We can turn off TLS on the cluster receiver channels in any order you like.

    Note that the changes flow in the opposite direction over channels on which you leave TLS active.

  2. Check that the new value is reflected in all the other queue managers by using the command DISPLAY CLUSQMGR(*) ALL.
  3. Turn off TLS on all manual cluster sender channels. This does not have any effect on the operation of the cluster, unless we use the REFRESH CLUSTER command with the REPOS(YES) option.

    For large clusters, use of the REFRESH CLUSTER command can be disruptive to the cluster while it is in progress, and again at regular intervals thereafter, when the cluster objects automatically send status updates to all interested queue managers. See Refreshing in a large cluster can affect performance and availability of the cluster for more information.

  4. Stop and restart the cluster sender channels.