System requirements for using SHA-2 cipher suites with MQTT channels

For Java 6 from IBM®, SR13 onwards, you can use SHA-2 cipher suites to secure your MQTT channels and client apps. However, SHA-2 cipher suites are not enabled by default until Java 7 from IBM, SR4 onwards, so in earlier versions you must specify the required suite. If you are running an MQTT client with your own JRE, you need to ensure that it supports the SHA-2 cipher suites. For your client apps to use SHA-2 cipher suites, the client must also set the SSL context to a value that supports Transport Layer Security (TLS) version 1.2.

For Java 7 from IBM, SR4 onwards, SHA-2 cipher suites are enabled by default. For Java 6 from IBM, SR13 and later service releases, if you define an MQTT channel without specifying a cipher suite, the channel will not accept connections from a client using a SHA-2 cipher suite. To use SHA-2 cipher suites, you must specify the required suite in the channel definition. This makes the telemetry (MQXR) service enable the suite before making connections. It also means that only client apps using the specified suite can connect to this channel.

For a list of the cipher suites that are currently supported, see the related links. For the MQTT clients, details of the SHA-2 cipher suite support for each client is given in System requirements for using SHA-2 cipher suites with MQTT clients.