![[V8.0.0.3 Jun 2015]](ng8003.gif)
Deprecation: weaker cryptographic algorithms
From IBM® MQ Version 8.0.0, Fix Pack 3, the support for weaker cryptographic algorithms is deprecated.
Changes have been made to the IBM MQ queue manager to disallow the configuration of CipherSpecs using cryptographic algorithms, or protocols, that are now considered to be weak.
The deprecated CipherSpecs are as follows:
- SSL v3
- All CipherSpecs are no longer enabled by default.
See Deprecation: SSLv3 protocol for more information.
- TLS 1.0
-
- TLS_RSA_EXPORT_WITH_RC2_40_MD5
- TLS_RSA_EXPORT_WITH_RC4_40_MD5
- TLS_RSA_WITH_DES_CBC_SHA
- TLS_RSA_WITH_NULL_MD5
- TLS_RSA_WITH_NULL_SHA
- TLS_RSA_WITH_RC4_128_MD5
- TLS 1.2
-
- ECDHE_ECDSA_NULL_SHA256
- ECDHE_ECDSA_RC4_128_SHA256
- ECDHE_RSA_NULL_SHA256
- ECDHE_RSA_RC4_128_SHA256
- TLS_RSA_WITH_NULL_NULL
- TLS_RSA_WITH_NULL_SHA256
- TLS_RSA_WITH_RC4_128_SHA256
See CipherSpecs supported in IBM MQ for information on the CipherSpecs that are supported, and how you can enable one or more of the deprecated CipherSpecs.