CipherSpecs and CipherSuites
Cryptographic security protocols must agree on the algorithms used by a secure connection. CipherSpecs and CipherSuites define specific combinations of algorithms.
A CipherSpec identifies a combination of encryption algorithm and Message Authentication Code (MAC) algorithm. Both ends of a TLS connection must agree on the same CipherSpec to be able to communicate.
From IBM® MQ 9.0.0 Fix Pack 3 and IBM MQ 9.0.5, IBM MQ supports the TLSv1.2 protocol. However, you can enable deprecated CipherSpecs, if you need to do so.
See Enabling CipherSpecs for information on:
- CipherSpecs supported by IBM MQ
- How you enable deprecated SSLv3 and TLSv1.0 CipherSpecs.
Important: When dealing with IBM MQ
channels, you use a CipherSpec. When dealing with Java channels, JMS channels, or MQTT channels you
specify a CipherSuite.
A CipherSuite is a suite of cryptographic algorithms used by a TLS connection. A suite
comprises three distinct algorithms:
- The key exchange and authentication algorithm, used during the handshake
- The encryption algorithm, used to encipher the data
- The MAC (Message Authentication Code) algorithm, used to generate the message digest
- The RSA key exchange and authentication algorithm
- The AES encryption algorithm, using a 128-bit key and cipher block chaining (CBC) mode
- The SHA-1 Message Authentication Code (MAC)