Deprecated CipherSpecs
A list of deprecated CipherSpecs that you are able to use with IBM® MQ if necessary.
IBM Crypto for Ccryptographic module. The certificate for this module has been moved to the Historical status. Customers should view the IBM Crypto for C certificate and be aware of any advice provided by NIST. A replacement FIPS 140-3 module is currently in progress and its status can be viewed by searching for it in the NIST CMVP modules in process list.
For information about enabling the deprecated CipherSpecs, see Enabling deprecated CipherSpecs on Multiplatforms or Enabling deprecated CipherSpecs on z/OS.
Deprecated CipherSpecs that you can use with IBM MQ TLS support are listed in the following table.
Platform support 1 | CipherSpec name | Hex code | Protocol used | Data integrity | Encryption algorithm (encryption bits) | FIPS 2 | Suite B | Update when deprecated |
---|---|---|---|---|---|---|---|---|
CipherSpecs for SSL 3.0 | ||||||||
AES_SHA_US
3 |
002F | SSL 3.0 | SHA-1 | AES (128) | No | No | 9.0.0.0 | |
All | DES_SHA_EXPORT
3
4
5
|
0009 | SSL 3.0 | SHA-1 | DES (56) | No | No | 9.0.0.0 |
DES_SHA_EXPORT1024
3
6
|
0062 | SSL 3.0 | SHA-1 | DES (56) | No | No | 9.0.0.0 | |
FIPS_WITH_DES_CBC_SHA
3 |
FEFE | SSL 3.0 | SHA-1 | DES (56) | No7 | No | 9.0.0.0 | |
FIPS_WITH_3DES_EDE_CBC_SHA
3 |
FEFF | SSL 3.0 | SHA-1 | 3DES (168) | No8 | No | 9.0.0.1 and 9.0.1 | |
All | NULL_MD5
3 |
0001 | SSL 3.0 | MD5 | None | No | No | 9.0.0.1 |
All | NULL_SHA
3 |
0002 | SSL 3.0 | SHA-1 | None | No | No | 9.0.0.1 |
All | RC2_MD5_EXPORT
3
4
5
|
0006 | SSL 3.0 | MD5 | RC2 (40) | No | No | 9.0.0.0 |
All | RC4_MD5_EXPORT
4
3
|
0003 | SSL 3.0 | MD5 | RC4 (40) | No | No | 9.0.0.0 |
All | RC4_MD5_US
3 |
0004 | SSL 3.0 | MD5 | RC4 (128) | No | No | 9.0.0.0 |
All | RC4_SHA_US
3
5
|
0005 | SSL 3.0 | SHA-1 | RC4 (128) | No | No | 9.0.0.0 |
RC4_56_SHA_EXPORT1024
3
6
|
0064 | SSL 3.0 | SHA-1 | RC4 (56) | No | No | 9.0.0.0 | |
All | TRIPLE_DES_SHA_US
3
5
|
000A | SSL 3.0 | SHA-1 | 3DES (168) | No | No | 9.0.0.1 and 9.0.1 |
CipherSpecs for TLS 1.0 | ||||||||
TLS_RSA_EXPORT_WITH_RC2_40_MD5
3 |
0006 | TLS 1.0 | MD5 | RC2 (40) | No | No | 9.0.0.0 | |
TLS_RSA_EXPORT_WITH_RC4_40_MD5 3
4
|
0003 | TLS 1.0 | MD5 | RC4 (40) | No | No | 9.0.0.0 | |
All | TLS_RSA_WITH_DES_CBC_SHA
3
|
0009 | TLS 1.0 | SHA-1 | DES (56) | No9 | No | 9.0.0.0 |
TLS_RSA_WITH_NULL_MD5
3 |
0001 | TLS 1.0 | MD5 | None | No | No | 9.0.0.1 | |
TLS_RSA_WITH_NULL_SHA
3 |
0002 | TLS 1.0 | SHA-1 | None | No | No | 9.0.0.1 | |
TLS_RSA_WITH_RC4_128_MD5
3
|
0004 | TLS 1.0 | MD5 | RC4 (128) | No | No | 9.0.0.0 | |
TLS_RSA_WITH_AES_128_CBC_SHA
10 |
002F | TLS 1.0 | SHA-1 | AES (128) | Yes | No | 9.0.5 | |
TLS_RSA_WITH_AES_256_CBC_SHA
6
10
|
0035 | TLS 1.0 | SHA-1 | AES (256) | Yes | No | 9.0.5 | |
All | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
000A | TLS 1.0 | SHA-1 | 3DES (168) | Yes | No | 9.0.0.1 and 9.0.1 |
CipherSpecs for TLS 1.2 | ||||||||
ECDHE_ECDSA_NULL_SHA256
3
|
C006 | TLS 1.2 | SHA-1 | None | No | No | 9.0.0.1 | |
ECDHE_ECDSA_RC4_128_SHA256
3 |
C007 | TLS 1.2 | SHA-1 | RC4 (128) | No | No | 9.0.0.0 | |
ECDHE_RSA_NULL_SHA256
3 |
C010 | TLS 1.2 | SHA-1 | None | No | No | 9.0.0.1 | |
ECDHE_RSA_RC4_128_SHA256
3 |
C011 | TLS 1.2 | SHA-1 | RC4 (128) | No | No | 9.0.0.0 | |
TLS_RSA_WITH_NULL_NULL
3
|
0000 | TLS 1.2 | None | None | No | No | 9.0.0.1 | |
All | TLS_RSA_WITH_NULL_SHA256
3 |
003B | TLS 1.2 | SHA-256 | None | No | No | 9.0.0.1 |
TLS_RSA_WITH_RC4_128_SHA256
3 |
0005 | TLS 1.2 | SHA-1 | RC4 (128) | No | No | 9.0.0.0 | |
ECDHE_ECDSA_3DES_EDE_CBC_SHA256
|
C0008 | TLS 1.2 | SHA-1 | 3DES (168) | Yes | No | 9.0.0.1 and 9.0.1 | |
ECDHE_RSA_3DES_EDE_CBC_SHA256
|
C012 | TLS 1.2 | SHA-1 | 3DES (168) | Yes | No | 9.0.0.1 and 9.0.1 | |
Notes:
|