Alternatives for specifying CipherSpecs
For those platforms where the operating system provides the TLS support, your system might support new CipherSpecs. You can specify a new CipherSpec with the SSLCIPH parameter, but the value you supply depends on your platform.
For those platforms where the operating system provides the TLS support, your system might support new CipherSpecs that are not included in Enabling CipherSpecs. You can specify a new CipherSpec with the SSLCIPH parameter, but the value you supply depends on your platform. In all cases the specification must correspond to an TLS CipherSpec that is both valid and supported by the version of TLS your system is running.
- IBM i
- A two-character string representing a hexadecimal value.
For more information about the permitted values, see point three in the Usage Notes section of Set character information for a secure session.
Attention: You should not specify hexadecimal cipher values in SSLCIPH, because it is unclear from the value which cipher will be used, and the choice of which protocol to be used is indeterminate. Using hexadecimal cipher values can lead to CipherSpec mismatch errors.You can use either the CHGMQMCHL or the CRTMQMCHL command to specify the value, for example:
You can also use the ALTER QMGR MQSC command to set the SSLCIPH parameter.CRTMQMCHL CHLNAME(' channel name ') SSLCIPH(' hexadecimal value ')
- z/OS®
- A four-character string representing a hexadecimal value. The hexadecimal codes correspond to
the values defined in the TLS protocol.
For more information, refer to Cipher Suite Definitions where there is a list of all the supported TLS 1.0, TLS 1.2, and TLS 1.3 cipher specifications in the form of 4-digit hexadecimal codes.
Considerations for IBM MQ clusters
With IBM MQ clusters it is safest to use the CipherSpec names in Enabling CipherSpecs. If you use an alternative specification, be aware that the specification might not be valid on other platforms. For more information, refer to SSL/TLS and clusters.