[V8.0.0.2 Feb 2015]

Deprecation: SSLv3 protocol

From IBM® MQ 8.0.0, Fix Pack 2, the SSLv3 protocol and the use of some IBM MQ CipherSpecs is deprecated.

IBM MQ 8.0.0, Fix Pack 2 deprecates the SSLv3 protocol and the use of the following IBM MQ CipherSpecs:
  • AES_SHA_US
  • RC4_SHA_US
  • RC4_MD5_US
  • TRIPLE_DES_SHA_US
  • DES_SHA_EXPORT1024
  • RC4_56_SHA_EXPORT1024
  • RC4_MD5_EXPORT
  • RC2_MD5_EXPORT
  • DES_SHA_EXPORT
  • NULL_SHA
  • NULL_MD5
  • FIPS_WITH_DES_CBC_SHA
  • FIPS_WITH_3DES_EDE_CBC_SHA

If you are using these CipherSpecs, change your channel definitions to use an alternative IBM MQ CipherSpec that uses the TLS 1.0 or TLS 1.2 protocol.

If you need to continue using SSLv3 CipherSpecs, there are two alternative approaches that you can take:
  • Set the environment variable AMQ_SSL_V3_ENABLE=1.
  • Change the SSL stanza in the qm.ini file to re-enable the SSLv3 CipherSpecs:
    
    SSL:
    AllowSSLV3=Y
    

You can use the SECPROT parameter to display the security protocol in use on a channel.