XMSC_WMQ_SSL_FIPS

XMSC_WMQ_SSL_FIPS_REQUIRED

Data type:

Boolean

Property of:

ConnectionFactory

The value of this property determines whether an application can or cannot use non-FIPS compliant cipher suites. If this property is set to true, only FIPS algorithms are used for the client-server connection.

This property can have the following values, which translate to the two canonical values for MQSCO.FipsRequired:

Table 1. Table of values for MQSCO.FlipsRequired property

Value Description Corresponding value of MQSCO.FipsRequired

false Any CipherSpec can be used. MQSSL_FIPS_NO (the default)

true Only FIPS-certified cryptographic algorithms can be used in the CipherSpec applying to this client connection. MQSSL_FIPS_YES

XMS copies the relevant value into MQSCO.FipsRequired before calling MQCONNX.

The parameter MQSCO.FipsRequired is only available from WebSphere MQ version 6. If WebSphere MQ version 5.3, if this property is set, XMS does not attempt to make the connection to the queue manager, and throws an appropriate exception instead.

For .NET only: From IBM MQ Version 8.0, managed connections to IBM MQ (WMQ_CM_CLIENT) and unmanaged connections to IBM MQ (WMQ_CM_CLIENT_UNMANAGED) both support TLS/SSL connections.

Parent topic: Property definitions

Related information

SSL and TLS support for the unmanaged .NET client
SSL and TLS support for the managed .NET client

Value	Description	Corresponding value of MQSCO.FipsRequired
false	Any CipherSpec can be used.	MQSSL_FIPS_NO (the default)
true	Only FIPS-certified cryptographic algorithms can be used in the CipherSpec applying to this client connection.	MQSSL_FIPS_YES