What's new in IBM MQ 9.2.5 for Multiplatforms - base and Advanced entitlement

For Multiplatforms, IBM® MQ 9.2.5 delivers a number of new features and enhancements that are available with base product entitlement, and also with Advanced entitlement.

Managing IBM MQ

Support for multiple queue manager certificates in MQIPT
TLS support for the IBM MQ .NET XA Monitor application
Additional configuration option to control TLS environment in C clients
Support for Transport Layer Security (TLS) 1.3 in MQIPT
REST Messaging API: greater access to message properties when sending and receiving messages using the REST API

Support for multiple queue manager certificates in MQIPT

From IBM MQ 9.2.5, per-channel certificates can be used on a queue manager for TLS connections received from IBM MQ Internet Pass-Thru (MQIPT), where the MQIPT route is configured as a TLS client.

IBM MQ supports the use of multiple certificates on the same queue manager, using a per-channel certificate label, specified using the CERTLABL attribute on the channel definition. Inbound channels to the queue manager rely on detecting the channel name using TLS Server Name Indication (SNI), in order for the queue manager to present the correct certificate. From IBM MQ 9.2.5, MQIPT can be configured to allow multiple certificates to be used by the destination queue manager by either setting the SNI to the channel name, or passing through the SNI received on the inbound connection to the route.

For more information about multiple certificate support and MQIPT, see IBM MQ multiple certificate support with MQIPT.

TLS support for the IBM MQ .NET XA Monitor application

The IBM MQ .NET client provides an XA Monitor application, WmqDotnetXAMonitor, that you can use to recover any incomplete distributed transactions. From IBM MQ 9.2.5, the WmqdotnetXAMonitor application includes the option to establish a secure connection to the queue manager. For more information, see Using the WMQDotnetXAMonitor application and WmqDotNETXAMonitor application configuration file settings.

Additional configuration option to control TLS environment in C clients

A new configuration option has been added to C clients to allow a different mode of operating when creating TLS connections.

For more information, see the EnvironmentScope attribute of the SSL stanza of the client configuration file .

Support for Transport Layer Security (TLS) 1.3 in MQIPT

From IBM MQ 9.2.5, IBM MQ Internet Pass-Thru (MQIPT) supports Transport Layer Security (TLS) 1.3. Three new CipherSuites are provided for use with TLS 1.3.

TLS 1.3 can be used on routes where MQIPT is configured as a TLS server, TLS client, or TLS proxy. Connections between the mqiptAdmin command and MQIPT can also be secured with TLS 1.3.

TLS 1.3 is enabled by default on routes that use TLS, and the TLS command port, from IBM MQ 9.2.5. To disable TLS 1.3, specify the protocols to be enabled using the SSLClientProtocols, SSLServerProtocols, or SSLCommandPortProtocols properties.

For more information about TLS support in MQIPT, see SSL/TLS support. The new CipherSuites are listed in the TLS 1.3 section of Table 1.

REST Messaging API: greater access to message properties when sending and receiving messages using the REST API

The following new features provide increased access to message properties when sending or receiving messages by using the REST API:

A new REST API V3 has been introduced. New features are available by using the v3 version of the resource URL.
Support for a message priority request header has been added.
Application-specific correlation IDs can now be used (bringing the use of Correlation and Message IDs more in line with JMS).
Support for setting and reading multiple user-defined message properties has been added.

Details of the new features are available in the following topics: