SHA-2 CipherSpecs and CipherSuites

IBM® MQ Managed File Transfer supports SHA-2 CipherSpecs and CipherSuites.

To enable use of SHA-2 CipherSpecs and CipherSuites in IBM MQ V8, on connections between agents and IBM MQ queue managers, you must use IBM JREs 6.0 SR13 FP2, 7.0 SR4 FP2, or later.

To enable use of SHA-2 CipherSpecs and CipherSuites in IBM MQ Managed File Transfer V8, for connecting to an FTPS server using the protocol bridge in FTPS mode, you must use IBM JREs 6.0 SR13 FP2, 7.0 SR4 FP2, or later.

For more information about CipherSpecs and CipherSuites that are available for connections between agents and IBM MQ queue managers, see SSL CipherSpecs and CipherSuites.

For more information about configuring CipherSpecs and CipherSuites for use with the protocol bridge agent and FTPS servers, see FTPS server support by the protocol bridge and Protocol bridge properties file format.

SHA-2 connections to 4690 OS are not supported.

The newer ciphers detailed in Specifying CipherSpecs in MQ 8.0 are not supported by the IBM i JVM. Therefore SHA-2 support for the IBM i platform covers only those ciphers detailed in Specifying CipherSpecs in MQ 7.5.

If you want to comply with SP 800-131A, you must satisfy the following requirements:

You must use FTPS, which you have configured appropriately; SFTP is not supported.
The remote server must send SP 800-131A-compliant cipher suites only.