0

What Cipersuites and Cipher Specs, can I use for IBM MQ v9 + Oracle-JDK v8?

I need more information on the FIPS parameter. When I tried with FIPS parameter, I didn't change anything in MQ level, but changed it to true in JMS client. What is use of this? How is it related to cipher-spec or cipher-suite?

Getting Authorization exception in MQ9 and resolved

just want to review below process are correct way to avoid Authorization exception

  • setmqaut -m TLSTEST.QM -t qmgr -p clientadmin +connect +dsp +inq

  • setmqaut -m TLSTEST.QM -t queue -p clientadmin -n '**' +put +get +browse +dsp +inq

  • runmqsc TLSTEST.QM ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)

  • ALTER QMGR CHLAUTH(DISABLED)
  • REFRESH SECURITY TYPE(CONNAUTH)
MQ Beginner
  • 99
  • 1
  • 5
  • 13

1 Answers1

1

The information already provided in my answer to your question "TLSv2 with JDk8 Ciphersuites with MQ8? regarding MQ8 + Oracle-JDK8 will apply to this question.

Per a presentation given by Mark Taylor "What’s new in IBM MQ?", the GA release of MQ v9.0.0.0 was based on MQ v8.0.0.4 plus functional changes.

– Plus functional changes on top of MQ 8.0.0.4…

APAR IV66840 shows the fix is targeted for delivery in 8.0.0.2.

Based on this v9.0.0.0 would have this APAR included with the same Oracle mapping available in v8.0.0.2 and higher.

For information on FIPS please refer to the IBM MQ v9.0 Knowledge Center page "Federal Information Processing Standards (FIPS).

In general this caused MQ to disable weak cipherspecs.

In relation to Java, the settings like sslFipsRequired would cause MQ to use TLS in preference to SSL for Cipersuites that had a dual mapping, but as of any recent version of MQ any of those Ciphersuites that had dual mapping have been disabled by default as weak Ciphersuits.

IBM developerWorks blog post "MQ Java, TLS Ciphers, Non-IBM JREs & APARs IT06775, IV66840, IT09423, IT10837 -- HELP ME PLEASE!" has details on how the sslFipsRequired and preferTLS behavior has changed over recent APARs.

Community
  • 1
  • 1
JoshMc
  • 10,239
  • 2
  • 19
  • 38
  • Referring to FIPS , what is use of this? how it related to cipher-spec or cipher-suite? even though in MQ Level , NOT enabled this parameter , JMS client getting connected.In Some Docs mentioned on cipher-spec<>ciper-suite-FIPS value – MQ Beginner Mar 07 '17 at 10:21
  • New question added for easy migration process in windows MQ8/9 server installtion [https://stackoverflow.com/questions/43030276/migration-process-from-mq7-to-mq8-mq9] – MQ Beginner Mar 26 '17 at 14:53
  • Please do not use comments to old questions to reference new questions. All you need to do is tag the new question with the tag [[tag:ibm-mq]] and people with knowledge of the IBM MQ product will see it. I would recommend going back and deleting the comments to your past questions where you reference new questions as well as editing past questions to remove links to new questions. – JoshMc Mar 27 '17 at 16:26