What Cipersuites and Cipher Specs, can I use for IBM MQ v9 + Oracle-JDK v8?
I need more information on the FIPS parameter. When I tried with FIPS parameter, I didn't change anything in MQ level, but changed it to true in JMS client. What is use of this? How is it related to cipher-spec or cipher-suite?
Getting Authorization exception in MQ9 and resolved
just want to review below process are correct way to avoid Authorization exception
- setmqaut -m TLSTEST.QM -t qmgr -p clientadmin +connect +dsp +inq
setmqaut -m TLSTEST.QM -t queue -p clientadmin -n '**' +put +get +browse +dsp +inq
runmqsc TLSTEST.QM ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
- ALTER QMGR CHLAUTH(DISABLED)
- REFRESH SECURITY TYPE(CONNAUTH)
The information already provided in my answer to your question "TLSv2 with JDk8 Ciphersuites with MQ8? regarding MQ8 + Oracle-JDK8 will apply to this question.
Per a presentation given by Mark Taylor "What’s new in IBM MQ?", the GA release of MQ v9.0.0.0 was based on MQ v8.0.0.4 plus functional changes.
APAR IV66840 shows the fix is targeted for delivery in 8.0.0.2.
Based on this v9.0.0.0 would have this APAR included with the same Oracle mapping available in v8.0.0.2 and higher.
For information on FIPS please refer to the IBM MQ v9.0 Knowledge Center page "Federal Information Processing Standards (FIPS).
In general this caused MQ to disable weak cipherspecs.
In relation to Java, the settings like sslFipsRequired would cause MQ to use TLS in preference to SSL for Cipersuites that had a dual mapping, but as of any recent version of MQ any of those Ciphersuites that had dual mapping have been disabled by default as weak Ciphersuits.
IBM developerWorks blog post "MQ Java, TLS Ciphers, Non-IBM JREs & APARs IT06775, IV66840, IT09423, IT10837 -- HELP ME PLEASE!" has details on how the sslFipsRequired and preferTLS behavior has changed over recent APARs.