Hi Yulia,
AMQ9288E error message is the one telling you that you have transferred the maximum amount of data you can with this algorithm. You get this because, as you note, you have chosen a GCM cipher. You don't have to change the cipher to avoid this message, you can instead make use of secret key reset (as is noted in the error message ACTION section) and in the docs here.
However, if you do want to avoid GCM ciphers and continue to use TLS 1.2, the Enabling CipherSpecs page in IBM Docs shows that you have these options:-
- TLS_RSA_WITH_AES_128_CBC_SHA2569
- TLS_RSA_WITH_AES_256_CBC_SHA256
- ECDHE_ECDSA_AES_128_CBC_SHA256
- ECDHE_ECDSA_AES_256_CBC_SHA384
- ECDHE_RSA_AES_128_CBC_SHA256
- ECDHE_RSA_AES_256_CBC_SHA384
If you decide to go with an ECDHE_ECDSA_* cipherspec then you will likely need to get a different certificate to use (see here) so that probably reduces the list down to the four RSA ones.
Also, remember that the default order that Ciphers are selected is able to be changed (see here).
I don't seem to be able to post another reply so I'll answer here. The best performing CipherSpec is usually the one that gives you the least protection. However, there are also IBM MQ performance reports that can help to answer this question. Check out this one: http://ibm-messaging.github.io/mqperf/MQ_V9.4_Performance_Report_windows.pdf
Cheers,
Morag