Deprecated CipherSpecs
A list of deprecated CipherSpecs that you are able to use with IBM® MQ if necessary.
Note: On UNIX, Linux®, and Windows, IBM MQ provides FIPS 140-2 compliance through the IBM Crypto for C (ICC) cryptographic module. The certificate for this
module has been moved to the Historical status. Customers should view the IBM Crypto for C (ICC) certificate and be aware of any advice provided by NIST. A replacement FIPS 140-3 module is
currently in progress and its status can be viewed by searching for it in the NIST CMVP modules in process list.
For information about enabling the deprecated CipherSpecs, see Enabling deprecated CipherSpecs on Multiplatforms or Enabling deprecated CipherSpecs on z/OS.
Deprecated CipherSpecs that you can use with IBM MQ TLS support are listed in the following table.
Platform support 1 | CipherSpec name | Protocol used | Data integrity | Encryption algorithm | Encryption bits | FIPS 2 | Suite B | Update when deprecated |
---|---|---|---|---|---|---|---|---|
AES_SHA_US
|
SSL 3.0 | SHA-1 | AES | 128 | No | No | 9.0.0.0 | |
All | DES_SHA_EXPORT 3
8 |
SSL 3.0 | SHA-1 | DES | 56 | No | No | 9.0.0.0 |
DES_SHA_EXPORT1024 4
|
SSL 3.0 | SHA-1 | DES | 56 | No | No | 9.0.0.0 | |
FIPS_WITH_DES_CBC_SHA
|
SSL 3.0 | SHA-1 | DES | 56 | No6 | No | 9.0.0.0 | |
FIPS_WITH_3DES_EDE_CBC_SHA
|
SSL 3.0 | SHA-1 | 3DES | 168 | No7 | No | 9.0.0.1 and 9.0.1 | |
All | NULL_MD5
|
SSL 3.0 | MD5 | None | 0 | No | No | 9.0.0.1 |
All | NULL_SHA
|
SSL 3.0 | SHA-1 | None | 0 | No | No | 9.0.0.1 |
All | RC2_MD5_EXPORT 3
8 |
SSL 3.0 | MD5 | RC2 | 40 | No | No | 9.0.0.0 |
All | RC4_MD5_EXPORT 3
|
SSL 3.0 | MD5 | RC4 | 40 | No | No | 9.0.0.0 |
All | RC4_MD5_US
|
SSL 3.0 | MD5 | RC4 | 128 | No | No | 9.0.0.0 |
All | RC4_SHA_US
8 |
SSL 3.0 | SHA-1 | RC4 | 128 | No | No | 9.0.0.0 |
RC4_56_SHA_EXPORT1024 4
|
SSL 3.0 | SHA-1 | RC4 | 56 | No | No | 9.0.0.0 | |
All | TRIPLE_DES_SHA_US
8 |
SSL 3.0 | SHA-1 | 3DES | 168 | No | No | 9.0.0.1 and 9.0.1 |
TLS_RSA_EXPORT_WITH_RC2_40_MD5
|
TLS 1.0 | MD5 | RC2 | 40 | No | No | 9.0.0.0 | |
TLS_RSA_EXPORT_WITH_RC4_40_MD5 3
|
TLS 1.0 | MD5 | RC4 | 40 | No | No | 9.0.0.0 | |
All | TLS_RSA_WITH_DES_CBC_SHA
|
TLS 1.0 | SHA-1 | DES | 56 | No5 | No | 9.0.0.0 |
TLS_RSA_WITH_NULL_MD5
|
TLS 1.0 | MD5 | None | 0 | No | No | 9.0.0.1 | |
TLS_RSA_WITH_NULL_SHA
|
TLS 1.0 | SHA-1 | None | 0 | No | No | 9.0.0.1 | |
TLS_RSA_WITH_RC4_128_MD5
|
TLS 1.0 | MD5 | RC4 | 128 | No | No | 9.0.0.0 | |
ECDHE_ECDSA_NULL_SHA256
|
TLS 1.2 | SHA-1 | None | 0 | No | No | 9.0.0.1 | |
ECDHE_ECDSA_RC4_128_SHA256
|
TLS 1.2 | SHA-1 | RC4 | 128 | No | No | 9.0.0.0 | |
ECDHE_RSA_NULL_SHA256
|
TLS 1.2 | SHA-1 | None | 0 | No | No | 9.0.0.1 | |
ECDHE_RSA_RC4_128_SHA256
|
TLS 1.2 | SHA-1 | RC4 | 128 | No | No | 9.0.0.0 | |
TLS_RSA_WITH_NULL_NULL
|
TLS 1.2 | None | None | 0 | No | No | 9.0.0.1 | |
All | TLS_RSA_WITH_NULL_SHA256
|
TLS 1.2 | SHA-256 | None | 0 | No | No | 9.0.0.1 |
TLS_RSA_WITH_RC4_128_SHA256
|
TLS 1.2 | SHA-1 | RC4 | 128 | No | No | 9.0.0.0 | |
All | TLS_RSA_WITH_3DES_EDE_CBC_SHA9 |
TLS 1.0 | SHA-1 | 3DES | 168 | Yes | No | 9.0.0.1 and 9.0.1 |
ECDHE_ECDSA_3DES_EDE_CBC_SHA2569 |
TLS 1.2 | SHA-1 | 3DES | 168 | Yes | No | 9.0.0.1 and 9.0.1 | |
ECDHE_RSA_3DES_EDE_CBC_SHA2569 |
TLS 1.2 | SHA-1 | 3DES | 168 | Yes | No | 9.0.0.1 and 9.0.1 | |
Notes:
|