[z/OS]

The QMINI data set

You can use the QMINI data set to specify properties that are to be read and processed during queue manager initialization.

Characteristics of the QMINI data set

The QMINI data set is a sequential data set, or a member of a partitioned data set, with a maximum record length of 80 bytes (72 bytes for data and eight bytes for the line number).

The following example shows the properties for a sequential QMINI data set. Some properties are, of course, based on your environment. 

Data Set Name . . . . : QM01.QMINI 
General Data                        Current Allocation 
Management class . .  : STANDARD    Allocated tracks  . : 1 
Storage class  . . .  : STANDARD    Allocated extents . : 1 
Volume serial . . .   : P5P21E 
Device type . . . .   : 3390 
Data class . . . . .  : **None** 
Organization  . . .   : PS          Current Utilization 
Record format . . .   : FB          Used tracks . . . . : 0 
Record length . . .   : 80          Used extents  . . . : 0 
Block size  . . . .   : 3120 
1st extent tracks .   : 1           
Secondary tracks  .   : 1           Dates 
Data set name type    :             Creation date . . . : 2020/08/11
Data set encryption   : NO          Referenced date . . : ***None***
                                    Expiration date . . : ***None***
SMS Compressible  .   : NO
thlqual.SCSQPROC, includes:
  • The sample contents for a QMINI data set in CSQ4QMIN.
  • An example of specifying the QMINI data set using the //CSQMINI DD card, in the queue manager startup JCL, in the started task procedures CSQ4MSTR and CSQ4MSRR.
Notes:
  • The code that parses the data set only parses the first 72 bytes of each record.
  • Line numbers are ignored so it is not necessary to specify line numbers.
  • If a line starts with an asterisk character (*), the line is treated as a comment.
  • The contents of the QMINI data set are parsed during queue manager startup. If the contents are parsed successfully, message CSQM578I is issued in the queue manager job log. If any errors are encountered during parsing, error messages, for example CSQM573E, are issued in the queue manager job log but the queue manager still starts.

    Check for error messages, and resolve any issues in the contents of the QMINI data set.

    If the queue manager is unable to parse the QMINI data set, you can start the channel initiator, but you cannot start any channels that are configured to use SSL or TLS as the security configuration settings are unknown.

  • If you make any updates to the data set after you have started the queue manager, you must restart the queue manager to pick up the changes.

The TransportSecurity stanza

From IBM® MQ for z/OS® 9.2.0, the QMINI data set supports the TransportSecurity stanza. This stanza provides similar function to that provided by the SSL stanza in the qm.ini file on IBM MQ for Multiplatforms.

The TransportSecurity stanza supports the following properties:
AllowTLSV13
Whether a queue manager is able to use the TLS 1.3 CipherSpecs; valid values are: TRUE/T/YES/Y or FALSE/F/NO/N.
For migrated queue managers, TLS 1.3 is not enabled by default. You can enable TLS 1.3 by defining a QMINI data set with the TransportSecurity stanza and AllowTLSV13=TRUE.
For newly created queue managers TLS 1.3 is enabled by default.
AllowedCipherSpecs
A custom list of CipherSpecs that are enabled.
See Providing a custom list of ordered and enabled CipherSpecs on IBM MQ for z/OS for more information on this property.
Duplicate CipherSpec names in the list are ignored.
[MQ 9.3.0 Jul 2022]OutboundSNI
Whether the Server Name Indication (SNI) is set to the target IBM MQ channel name to the remote system when initiating a TLS connection, or to the hostname; valid values are: CHANNEL or HOSTNAME.
If the destination channel is configured with a certificate label on the channel object CERTLABL field, you must set CERTLABL to the channel value. If a connection with a setting of HOSTNAME is made to a channel with a CERTLABL setting, the connection fails and an AMQ9673 message is printed in the remote queue manager error logs.
The following example shows how the TransportSecurity stanza is specified:
TransportSecurity:
AllowedCipherSpecs=ECDHE_RSA_AES_128_GCM_SHA256, 
                   ECDHE_RSA_AES_256_GCM_SHA384
AllowTLSV13=TRUE