Original Message:
Sent: Fri June 09, 2023 11:27 AM
From: Rob Parker
Subject: Enable TLS1.2 encryption on MQ Channel (MQ 7.1)
Hi Jozef,
The 7.1 Documentation is no longer live but the MQ 7.5 doc shows a large number of TLS 1.2 ciphers available but they appear to only be available on UNIX, Windows and Linux per note 'b' https://www.ibm.com/docs/en/ibm-mq/7.5?topic=messages-specifying-cipherspecs
It doesn't look likely but someone else may be able to confirm.
However, what is the plan should TLS 1.2 not be available? If TLS 1.2 is not available then it may be possible to still connect the MQ 7.1 via TLS 1.0 or SSLv3, your customer would just have to enable the protocols/ciphers on the other queue managers. Although be aware, there is a statement of direction saying that in the future the SSLv3 and TLS 1.0 cipherspecs are going to be removed from MQ entirely.
------------------------------
Rob Parker
Security Architect, IBM MQ Distributed
IBM UK Ltd
Original Message:
Sent: Fri June 09, 2023 10:52 AM
From: Jozef Thijs
Subject: Enable TLS1.2 encryption on MQ Channel (MQ 7.1)
I just received the request to enable TLS1.2 encryption on some MQ channels (to external partners).
This environment is a MQ environment (MQ 7.1), running on an iSeries/IBMi with OS 7.3. I know this MQ 7.1 is out of support, and soon this MQ version 7.1 will be upgraded to MQ v9.2 or MQ v9.3, but my external partner would like to install the encryption setup (TLS1.2) now (still in MQ 7.1).
Is this TLS1.2 setup feasible with MQ7.1. ?
And what' s the best approach to handle this setup (any installation document available) ?
I would expect to receive a certificate from the external partner, and get imported into DCM, and afterwards start with some configuration changes within MQ.
Kind regards,
Jos
Jos (Jozef) Thijs
Kyndryl Belgium.
------------------------------
Jozef Thijs
------------------------------