[MQ 9.4.0 Jun 2024]

Support for TLS1.3 on managed .NET clients

From IBM® MQ 9.4.0, IBM MQ .NET and XMS .NET clients support TLS1.3, provided that the operating system supports TLS1.3.

The managed .NET client uses the Microsoft .NET Framework libraries to implement TLS secure socket protocols. The Microsoft System.Net.Security.SslStream class operates as a stream over connected TCP sockets and sends and receives data over that socket connection.

On Windows, .NET uses SCHANNEL, and on Linux®, .NET uses OpenSSL for SSL communication.

[Windows]

For IBM MQ .NET client applications running on Windows

Microsoft has announced that Windows 11 and Windows Server 2022 support TLS1.3 ciphers by default.

TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 cipher suites are enabled by default on both versions of Windows.
Attention:
  • TLS_CHACHA20_POLY1305_SHA256 Cipher Suite is not enabled by default but is supported.
  • For an IBM MQ .NET client with TLS1.3 enabled to connect to a queue manager successfully, IBM Global Security Kit (GSKit) 8.0.55.29 is the minimum version that is required at the queue manager side.

[Linux]

For IBM MQ .NET client applications running on Linux

Because .NET uses OpenSSL on Linux for SSL communication, OpenSSL v1.1.1 is the minimum requirement for using TLS1.3.

Additionally, as .NET uses OpenSSL on Linux, all the ciphers supported by OpenSSL should work for .NET as well.

OpenSSL supports the following CipherSpecs for TLS1.3:
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
  • TLS_AES_128_CCM_SHA256
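
The following preflight check for a Linux client host is an added example, not IBM code: it tests the OpenSSL v1.1.1 minimum and reports which of the CipherSpecs listed above are absent from the suites OpenSSL currently has enabled. The function names and sample list are hypothetical and constructed, and the check assumes that the openssl binary on PATH is the same build as the libssl that the .NET runtime loads.

```shell
#!/bin/sh
# Added example, not IBM code. Assumption: the `openssl` on PATH is the same
# build as the libssl that the .NET runtime loads on this host.

# TLS 1.3 CipherSpecs listed on this page for OpenSSL.
PAGE_SUITES="TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_SHA256"

# Constructed sample of `openssl ciphers -s -tls1_3` output (not captured from a host).
SAMPLE_DEFAULT="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

# openssl_meets_minimum "<output of 'openssl version'>"
# Returns 0: OpenSSL >= 1.1.1, 1: older OpenSSL, 2: not an OpenSSL version string.
openssl_meets_minimum() {
  ver=${1#OpenSSL }
  [ "$ver" != "$1" ] || return 2          # e.g. "LibreSSL 3.3.6"
  ver=${ver%% *}                          # "1.1.1k", "3.0.13", "1.0.2k-fips"
  major=${ver%%.*}; rest=${ver#*.}
  minor=${rest%%.*}; patch=${rest#*.}
  patch=${patch%%[!0-9]*}                 # drop letter suffix: "1k" -> "1"
  for n in "$major" "$minor" "$patch"; do
    case "$n" in ''|*[!0-9]*) return 2 ;; esac
  done
  [ "$major" -gt 1 ] && return 0
  [ "$major" -eq 1 ] && [ "$minor" -gt 1 ] && return 0
  [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ] && return 0
  return 1
}

# missing_suites "<colon-separated suite list>"
# Prints the page-listed suites that are not in the given list.
missing_suites() {
  missing=""
  for s in $PAGE_SUITES; do
    case ":$1:" in
      *":$s:"*) ;;                        # delimiters stop CCM matching CCM_8
      *) missing="${missing:+$missing }$s" ;;
    esac
  done
  printf '%s\n' "$missing"
}

# Live check; skipped where no openssl binary is installed.
if command -v openssl >/dev/null 2>&1; then
  v=$(openssl version)
  if openssl_meets_minimum "$v"; then
    enabled=$(openssl ciphers -s -tls1_3 2>/dev/null)
    echo "TLS1.3 capable: $v; listed but not enabled: $(missing_suites "$enabled")"
  else
    echo "Below the OpenSSL v1.1.1 minimum or not OpenSSL: $v"
  fi
fi
```

A suite that OpenSSL supports is not necessarily in its enabled list, so a non-empty "not enabled" result points at OpenSSL configuration rather than at the IBM MQ client.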