With the release of IBM MQ 9.3.0 LTS and all of the exciting features now available to our LTS customers, such as: Streaming Queues, PKCS#12 keystore support and Jakarta Messaging 3.0 support; one thing that may have escaped your notice is the deprecation statements released at the same time.
In this blog post i want to quickly cover the different statements to make sure you are aware as well as provide details of how you can get in contact with us to provide feedback/concerns.
Deprecation statements
You can find the details of the deprecation statements on the knowledge center page: https://www.ibm.com/docs/en/ibm-mq/9.3?topic=930-deprecated-stabilized-removed-features-in-mq
Weak Ciphers used by Advanced Message Security
Having had weaknesses identified, the following ciphers have been deprecated and should no longer be used in Advanced Message Security: MD5, SHA1, RC2, DES and 3DES.
Alternative, stronger, ciphers are available and should be used instead: SHA256, SHA384, SHA512, AES128 or AES256.
32-bit IBM MQ libraries
Systems that continue to support 32-bit applications are reducing, in line with this 32-bit MQ libraries will no longer be available in a future release. If you currently use the 32-bit libraries for your applications you are encouraged to recompile your applications as 64-bit applications to be able to use IBM MQ libraries once the 32-bit libraries have been removed.
Secure Sockets Layer v3 (SSLv3) and TLS 1.0
This deprecation statement was originally announced in IBM MQ 9.2.0 LTS but continues in IBM MQ 9.3.0 LTS.
SSLv3 and TLS 1.0 were deprecated many years ago due to weaknesses. Since that time, these protocols have been disabled by default and must be re-enabled to continue to be used. However, in a future release these protocols will be removed from MQ and it will not be possible to re-enable them.
If you currently use SSlv3 or TLS 1.0 ciphers for TLS communications you are encouraged to migrate to a strong TLS 1.2 or TLS 1.3 cipher. Alternatively you could use the Alias Ciphers to move to multiple ciphers.
For information on what ciphers IBM MQ supports see: https://www.ibm.com/docs/en/ibm-mq/9.3?topic=messages-enabling-cipherspecs
Support for -credentialsFile parameter in Managed File Transfer
This deprecation statement was originally announced in IBM MQ 9.2.0 LTS but continues in IBM MQ 9.3.0 LTS.
The fteobsfucate tool is used to encrypt sensitive data in Managed File Transfer's credential files, the -credentialsFile parameter for this tool has been deprecated and been replaced by the -f parameter. The -f parameter uses the new Password Protection system to encrypt sensitive data.
You can find more information on using fteobsfucate here: https://www.ibm.com/docs/en/ibm-mq/9.3?topic=reference-fteobfuscate-encrypt-sensitive-data
Support for all Managed File Transfer environment variables beginning with FTE
This deprecation statement was originally announced in IBM MQ 9.2.0 LTS but continues in IBM MQ 9.3.0 LTS.
Several environment variables for use with Managed File Transfer have been deprecated and replaced with new environment variables. These are:
- FTE_ANT_HOME substituted with BFG_ANT_HOME
- FTE_CLASSPATH substituted with BFG_CLASSPATH
- FTE_JVM_PROPERTIES substituted with BFG_JVM_PROPERTIES
- FTE_JAVA_HOME substituted with BFG_JAVA_HOME
If you use any of the environment variables above that start with FTE_ then you should switch to using their equivalent BFG_ version.
Who should i contact to provide feedback?
If you want to share feedback or concerns on the deprecation statements above then please either comment on this blog post or contact me directly at: parrobe@uk.ibm.com.