CipherSpecs and CipherSuites
Cryptographic security protocols must agree on the algorithms used by a secure connection. CipherSpecs and CipherSuites define specific combinations of algorithms.
A CipherSpec identifies a combination of encryption algorithm and Message Authentication Code (MAC) algorithm. Both ends of a TLS, or SSL, connection must agree on the same CipherSpec to be able to communicate.
From IBM® MQ 8.0.0, Fix Pack 9, IBM MQ supports the TLSv1.2 protocol. However, you can enable deprecated CipherSpecs, if you need to do so.
- CipherSpecs supported by IBM MQ
- How you enable deprecated SSLv3 and TLSv1.0 CipherSpecs
For more information about CipherSpecs, see Enabling CipherSpecs.
- The key exchange and authentication algorithm, used during the handshake
- The encryption algorithm, used to encipher the data
- The MAC (Message Authentication Code) algorithm, used to generate the message digest
- The RSA key exchange and authentication algorithm
- The RC4 encryption algorithm, using a 128-bit key
- The MD5 MAC algorithm
Several algorithms are available for key exchange and authentication, but the RSA algorithm is currently the most widely used. There is more variety in the encryption algorithms and MAC algorithms that are used.