SSLFIPSRequired (MQLONG)
This lets you specify that only FIPS-certified algorithms are to be used if the cryptography is executed in IBM MQ, rather than in cryptographic hardware. If cryptographic hardware is configured, the cryptography modules used are those modules provided by the hardware product; these modules might or might not be FIPS-certified to a particular level depending on the hardware product in use.
The value is one of the following values:
- MQSSL_FIPS_NO
- Use any CipherSpec supported on the platform in use. This value is the default value.
- MQSSL_FIPS_YES
- Use only FIPS-certified cryptographic algorithms in the CipherSpecs allowed on all TLS connections from and to this queue manager.
This parameter is valid only on UNIX, Linux, Windows, and z/OS platforms.
To determine the value of this attribute, use the MQIA_SSL_FIPS_REQUIRED selector with the MQINQ call.
Related information
- Specify that only FIPS-certified CipherSpecs are used at run time on the MQI client
- Federal Information Processing Standards (FIPS) for UNIX, Linux, and Windows