Security: changes to CipherSuite support
For IBM® MQ 8.0, the SHA-2 support that is already provided in earlier releases has been extended.
Extended SHA-2 support
Basic SHA-2 support is provided for the following platforms:
- Windows, UNIX and Linux® (Provided by the base queue manager SSL/TLS support since IBM WebSphere® MQ 7.0.1.4)
- IBM i (Added in IBM WebSphere MQ 7.1 )
- z/OS® (Added in IBM WebSphere MQ 7.1 )
Basic SHA-2 CipherSuite support is provided for the following components (From IBM WebSphere MQ 7.1.0, Fix Pack 3 and IBM WebSphere MQ 7.5.0, Fix Pack 2):
- MQ Explorer
- Java/JMS
- Telemetry
- Managed File Transfer components
SHA-2 support is extended to include support for the full set of SHA-2 CipherSuites for the
following components (For IBM MQ 8.0 ):
- MQ Explorer
- Java/JMS
- Telemetry
- Managed File Transfer components.
CipherSuite no longer supported
The following CipherSuite is no longer supported:
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
Limitations on interoperability
Three Java CipherSuites have been removed from
the Java classes and must no longer be used in
conjunction with SSL-based CipherSpecs. The three CipherSuites must now be used only in conjunction
with their corresponding TLS-based IBM MQ CipherSpecs.
The following CipherSuites are affected:
- SSL_RSA_WITH_3DES_EDE_CBC_SHA
- SSL_RSA_WITH_DES_CBC_SHA
- SSL_RSA_WITH_RC4_128_SHA
Attention: MQ Explorer obtains its list of supported ciphers from the Java classes, so MQ Explorer
also no longer supports these three specific ciphers.
For more information, see the
SSL/TLS CipherSpecs and CipherSuites topics in the Related links.