CipherSpecs and CipherSuites
Cryptographic security protocols must agree on the algorithms used by a secure connection. CipherSpecs and CipherSuites define specific combinations of algorithms.
A CipherSpec identifies a combination of encryption algorithm and Message Authentication Code (MAC) algorithm. Both ends of a TLS connection must agree on the same CipherSpec to be able to communicate.
IBM® MQ supports TLS1.3 and TLS1.2 protocols and CipherSpecs. However, you can enable deprecated CipherSpecs, if you need to do so.
See Enabling CipherSpecs for information on:
- CipherSpecs supported by IBM MQ
- How you enable deprecated SSL 3.0 and TLS 1.0 CipherSpecs
Important: When dealing with IBM MQ
channels, you use a CipherSpec. When dealing with Java channels, JMS channels, or MQTT channels you
specify a CipherSuite.
For more information about CipherSpecs, see Enabling CipherSpecs.
A CipherSuite is a suite of cryptographic algorithms used by a TLS connection. A suite
comprises three distinct algorithms:
- The key exchange and authentication algorithm, used during the handshake
- The encryption algorithm, used to encipher the data
- The MAC (Message Authentication Code) algorithm, used to generate the message digest
- The RSA key exchange and authentication algorithm
- The AES encryption algorithm, using a 128-bit key and cipher block chaining (CBC) mode
- The SHA-1 Message Authentication Code (MAC)