CipherSuite and CipherSpec name mappings for connections to a WebSphere Application Server service integration bus
Because IBM® Global Security Kit (GSKit) uses CipherSpecs rather than CipherSuites, the JSSE-style CipherSuite names specified in the XMSC_WPM_SSL_CIPHER_SUITE property must be mapped to the GSKit-style CipherSpec names.
Table 1 lists the equivalent CipherSpec for each recognized CipherSuite.
| CipherSuite | CipherSpec equivalent |
|---|---|
| TLS_RSA_WITH_DES_CBC_SHA | TLS_RSA_WITH_DES_CBC_SHA |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
| TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
| TLS_RSA_WITH_AES_256_CBC_SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
Note: TLS_RSA_WITH_3DES_EDE_CBC_SHA is deprecated. However, it can still be used to transfer up to
32 GB of data before the connection is terminated with error AMQ9288. To avoid this error, you need
to either avoid using triple DES, or enable secret key reset when using this CipherSpec.