XMSC_WMQ_SSL_CIPHER_SPEC

    Data type:
    String

    Property of:
    ConnectionFactory

The name of the CipherSpec to be used on a secure connection to a queue manager.

The CipherSpecs that you can use with IBM MQ TLS support are listed in the following table. When you request a personal certificate, you specify a key size for the public and private key pair. The key size that is used during the SSL handshake is the size stored in the certificate unless it is determined by the CipherSpec, as noted in the table. By default, this property is not set.

| CipherSpec name | Protocol used | Hash algorithm | Encryption algorithm | Encryption bits | FIPS (note 1) | Suite B 128 bit | Suite B 192 bit |
|---|---|---|---|---|---|---|---|
| TLS_RSA_WITH_AES_128_CBC_SHA | TLS 1.0 | SHA-1 | AES | 128 | Yes | No | No |
| TLS_RSA_WITH_AES_256_CBC_SHA (note 2) | TLS 1.0 | SHA-1 | AES | 256 | Yes | No | No |
| TLS_RSA_WITH_DES_CBC_SHA | TLS 1.0 | SHA-1 | DES | 56 | No | No | No |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (note 4) | TLS 1.0 | SHA-1 | 3DES | 168 | Yes | No | No |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | SHA-256 | AES | 128 | Yes | No | No |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | SHA-384 | AES | 256 | Yes | No | No |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | TLS 1.2 | SHA-256 | AES | 128 | Yes | No | No |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | TLS 1.2 | SHA-256 | AES | 256 | Yes | No | No |
| ECDHE_ECDSA_RC4_128_SHA256 | TLS 1.2 | SHA-256 | RC4 | 128 | No | No | No |
| ECDHE_ECDSA_3DES_EDE_CBC_SHA256 | TLS 1.2 | SHA-256 | 3DES | 168 | Yes | No | No |
| ECDHE_RSA_RC4_128_SHA256 | TLS 1.2 | SHA-256 | RC4 | 128 | No | No | No |
| ECDHE_RSA_3DES_EDE_CBC_SHA256 | TLS 1.2 | SHA-256 | 3DES | 168 | Yes | No | No |
| ECDHE_ECDSA_AES_128_CBC_SHA256 | TLS 1.2 | SHA-256 | AES | 128 | Yes | No | No |
| ECDHE_ECDSA_AES_256_CBC_SHA384 | TLS 1.2 | SHA-384 | AES | 256 | Yes | No | No |
| ECDHE_RSA_AES_128_CBC_SHA256 | TLS 1.2 | SHA-256 | AES | 128 | Yes | No | No |
| ECDHE_RSA_AES_256_CBC_SHA384 | TLS 1.2 | SHA-384 | AES | 256 | Yes | No | No |
| ECDHE_ECDSA_AES_128_GCM_SHA256 | TLS 1.2 | SHA-256 | AES | 128 | Yes | Yes | No |
| ECDHE_ECDSA_AES_256_GCM_SHA384 | TLS 1.2 | SHA-384 | AES | 256 | Yes | No | Yes |
| ECDHE_RSA_AES_128_GCM_SHA256 | TLS 1.2 | SHA-256 | AES | 128 | Yes | No | No |
| ECDHE_RSA_AES_256_GCM_SHA384 | TLS 1.2 | SHA-384 | AES | 256 | Yes | No | No |
| TLS_RSA_WITH_NULL_SHA256 | TLS 1.2 | SHA-256 | None | 0 | No | No | No |
| ECDHE_RSA_NULL_SHA256 | TLS 1.2 | SHA-256 | None | 0 | No | No | No |
| ECDHE_ECDSA_NULL_SHA256 | TLS 1.2 | SHA-256 | None | 0 | No | No | No |
| TLS_RSA_WITH_NULL_NULL | TLS 1.2 | None | None | 0 | No | No | No |
| TLS_RSA_WITH_RC4_128_SHA256 | TLS 1.2 | SHA-256 | RC4 | 128 | No | No | No |

Notes:
  1. Specifies whether the CipherSpec complies with Federal Information Processing Standards (FIPS) 140-2. For an explanation of FIPS and information about how to configure IBM MQ for FIPS 140-2 compliant operation, see Federal Information Processing Standards (FIPS).
  2. This CipherSpec cannot be used to secure a connection from the IBM MQ Explorer to a queue manager unless the appropriate unrestricted policy files are applied to the JRE used by the IBM MQ Explorer.
  3. This CipherSpec was FIPS 140-2 certified before 19 May 2007.
  4. When IBM MQ is configured for FIPS 140-2 compliant operation, this CipherSpec can be used to transfer up to 32 GB of data before the connection is terminated with error AMQ9288. To avoid this error, either avoid using triple DES (which is deprecated), or enable secret key reset when using this CipherSpec in a FIPS 140-2 configuration.
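
The table can also be used as a configuration check. The following is an added example, not IBM code: it parses a subset of the rows above and reports why a configured CipherSpec value would fail a local policy. The policy itself (no NULL encryption, no RC4/DES/3DES, TLS 1.2 only, optional FIPS requirement) and the names `load_specs` and `audit` are assumptions of the example.

```python
# Constructed sample: rows copied from the table on this page, footnote marks dropped.
# Columns: name, protocol, hash algorithm, encryption algorithm, bits, FIPS
TABLE = """\
TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0 SHA-1 AES 128 Yes
TLS_RSA_WITH_DES_CBC_SHA TLS 1.0 SHA-1 DES 56 No
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0 SHA-1 3DES 168 Yes
TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2 SHA-384 AES 256 Yes
ECDHE_RSA_RC4_128_SHA256 TLS 1.2 SHA-256 RC4 128 No
ECDHE_ECDSA_AES_256_GCM_SHA384 TLS 1.2 SHA-384 AES 256 Yes
ECDHE_RSA_AES_128_CBC_SHA256 TLS 1.2 SHA-256 AES 128 Yes
TLS_RSA_WITH_NULL_SHA256 TLS 1.2 SHA-256 None 0 No
TLS_RSA_WITH_NULL_NULL TLS 1.2 None None 0 No
"""

def load_specs(text):
    """Parse the whitespace-separated rows into a dict keyed by CipherSpec name."""
    specs = {}
    for line in text.strip().splitlines():
        name, _tls, version, digest, cipher, _bits, fips = line.split()
        specs[name] = {"version": version, "hash": digest,
                       "cipher": cipher, "fips": fips == "Yes"}
    return specs

SPECS = load_specs(TABLE)

def audit(name, specs=SPECS, require_fips=False):
    """Return the policy findings for a configured CipherSpec; an empty list means it passes."""
    if not name:
        return ["property not set (the default)"]
    spec = specs.get(name)
    if spec is None:
        return ["name not in the reference table"]
    findings = []
    if spec["cipher"] == "None":
        findings.append("no encryption")
    elif spec["cipher"] in ("RC4", "DES", "3DES"):  # assumed deny list
        findings.append("weak cipher " + spec["cipher"])
    if spec["hash"] == "None":
        findings.append("no integrity hash")
    if spec["version"] != "1.2":
        findings.append("protocol TLS " + spec["version"])
    if require_fips and not spec["fips"]:
        findings.append("not FIPS 140-2 compliant per table")
    return findings

if __name__ == "__main__":
    for configured in ("TLS_RSA_WITH_NULL_SHA256", "ECDHE_ECDSA_AES_256_GCM_SHA384", ""):
        print(repr(configured), audit(configured, require_fips=True) or "ok")
```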
