Using JMS in NIST 800-131a compliance mode
When you use JMS 11 in NIST 800-131a compliance mode, there is no option to control the selection of cipher suites while configuring the adapter or service for Sterling B2B Integrator. For JMS 11, NIST 800-131a compliance is not enforced for the cipher suite or for the SSL/TLS version, because some providers do not provide an API that allows control of the cipher suites or TLS version.
Only NIST 800-131a compliant certificates are available for selection when you are working in NIST 800-131a compliance mode with the JMS adapter. Although you can use any JMS provider, there are limitations with some providers:
Provider | Limitations |
---|---|
WebLogic | Does not work with IBM JDK over SSL |
TIBCO | Does not work with IBM JDK over SSL |
ActiveMQ | There is no API to control the cipher suite and TLS version |
WebSphere MQ | There is no API to control the TLS version |
Runtime
Only NIST 800-131a compliant system and CA certificates are available on the Services Configuration page. If a non-NIST 800-131a compliant system or CA certificate is configured, the business process will fail and you must reconfigure the adapter with a NIST 800-131a compliant certificate. However, if a non-NIST 800-131a compliant cipher is present, the communication will NOT fail because there is no API to control it.
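Because a non-compliant cipher does not cause a runtime failure, the negotiated values have to be checked outside the adapter. The following Java check is an added example, not IBM's code: it reports the TLS version and cipher suite that a JVM negotiates with a broker's TLS listener. The class name, the policy lists, and the use of the JVM's default trust store and enabled suites are assumptions; the adapter's own configuration may differ.

```java
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;
import java.util.List;

// Added example: reports the TLS version and cipher suite this JVM negotiates
// with a JMS broker's TLS listener and checks them against an assumed policy.
public class JmsTlsAudit {

    // Assumed policy (not taken from the product documentation): adjust both
    // lists to your organisation's NIST 800-131a profile.
    static final List<String> ALLOWED_PROTOCOLS = Arrays.asList("TLSv1.2", "TLSv1.3");
    static final List<String> WEAK_MARKERS = Arrays.asList(
            "_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_DES40_", "_MD5");

    static boolean protocolOk(String protocol) {
        return ALLOWED_PROTOCOLS.contains(protocol);
    }

    // Suite names may start with TLS_ or SSL_ depending on the JDK vendor;
    // the markers match the algorithm part of the name in both forms.
    static boolean suiteOk(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java JmsTlsAudit <broker-host> <tls-port>");
            System.exit(2);
        }
        boolean ok = false;
        // Default factory: JVM default trust store and enabled suites (assumption).
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            socket.setSoTimeout(10_000);
            socket.startHandshake(); // throws if the broker certificate is not trusted
            SSLSession session = socket.getSession();
            String protocol = session.getProtocol();
            String suite = session.getCipherSuite();
            ok = protocolOk(protocol) && suiteOk(suite);
            System.out.printf("protocol=%s cipher=%s policy=%s%n", protocol, suite, ok ? "PASS" : "FAIL");
        }
        System.exit(ok ? 0 : 1); // non-zero exit lets a scheduled job alert on drift
    }
}
```

Run it with the same JDK that hosts the JMS adapter so that the result reflects that JDK's enabled protocols and cipher suites.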