Deprecated CipherSpecs

A list of deprecated CipherSpecs that you are able to use with WebSphere® MQ if necessary.

See CipherSpec values supported in IBM WebSphere MQ for more information on how you can enable deprecated CipherSpecs.

Deprecated CipherSpecs that you can use with WebSphere MQ TLS support are listed in the following table:
Platform support 1 CipherSpec name Protocol used Data integrity Encryption algorithm Encryption bits FIPS 2 Suite B Update when deprecated
All DES_SHA_EXPORT3 SSL 3.0 SHA-1 DES 56 No No 7.5.0.6

WindowsLinuxUNIX

 DES_SHA_EXPORT10244 SSL 3.0 SHA-1 DES 56 No No 7.5.0.6

WindowsLinuxUNIX

 FIPS_WITH_DES_CBC_SHA SSL 3.0 SHA-1 DES 56 No6 No 7.5.0.6

WindowsLinuxUNIX

 FIPS_WITH_3DES_EDE_CBC_SHA SSL 3.0 SHA-1 3DES 168 No7 No 7.5.0.8
All NULL_MD5 SSL 3.0 MD5 None 0 No No 7.5.0.6
All NULL_SHA SSL 3.0 SHA-1 None 0 No No 7.5.0.6
All RC2_MD5_EXPORT3 SSL 3.0 MD5 RC2 40 No No 7.5.0.7
All RC4_MD5_EXPORT3 SSL 3.0 MD5 RC4 40 No No 7.5.0.7
All RC4_MD5_US SSL 3.0 MD5 RC4 128 No No 7.5.0.7
All RC4_SHA_US SSL 3.0 SHA-1 RC4 128 No No 7.5.0.7

WindowsLinuxUNIX

 RC4_56_SHA_EXPORT10244 SSL 3.0 SHA-1 RC4 56 No No 7.5.0.7
All TRIPLE_DES_SHA_US SSL 3.0 SHA-1 3DES 168 No No 7.5.0.8
All TLS_RSA_WITH_DES_CBC_SHA TLS 1.0 SHA-1 DES 56 No5 No 7.5.0.6

WindowsLinuxUNIX

 ECDHE_ECDSA_NULL_SHA256 TLS 1.2 SHA-1 None 0 No No 7.5.0.6

WindowsLinuxUNIX

 ECDHE_ECDSA_RC4_128_SHA256 TLS 1.2 SHA-1 RC4 128 No No 7.5.0.7

WindowsLinuxUNIX

 ECDHE_RSA_NULL_SHA256 TLS 1.2 SHA-1 None 0 No No 7.5.0.6

WindowsLinuxUNIX

 ECDHE_RSA_RC4_128_SHA256 TLS 1.2 SHA-1 RC4 128 No No 7.5.0.7

WindowsLinuxUNIX

 TLS_RSA_WITH_NULL_NULL TLS 1.2 None None 0 No No 7.5.0.6
All TLS_RSA_WITH_NULL_SHA256 TLS 1.2 SHA-256 None 0 No No 7.5.0.6

WindowsLinuxUNIX

 TLS_RSA_WITH_RC4_128_SHA256 TLS 1.2 SHA-1 RC4 128 No No 7.5.0.7
All TLS_RSA_WITH_3DES_EDE_CBC_SHA8 TLS 1.0 SHA-1 3DES 168 Yes No 7.5.0.8

WindowsLinuxUNIX

 ECDHE_ECDSA_3DES_EDE_CBC_SHA2568 TLS 1.2 SHA-1 3DES 168 Yes No 7.5.0.8

WindowsLinuxUNIX

 ECDHE_RSA_3DES_EDE_CBC_SHA2568 TLS 1.2 SHA-1 3DES 168 Yes No 7.5.0.8
Notes:
  1. If no specific platform is noted, the CipherSpec is available on all platforms.
  2. Specifies whether the CipherSpec is FIPS-certified on a FIPS-certified platform. See Federal Information Processing Standards (FIPS) for an explanation of FIPS.
  3. The maximum handshake key size is 512 bits. If either of the certificates exchanged during the SSL handshake has a key size greater than 512 bits, a temporary 512-bit key is generated for use during the handshake.
  4. The handshake key size is 1024 bits.
  5. This CipherSpec was FIPS 140-2 certified before 19 May 2007.
  6. This CipherSpec was FIPS 140-2 certified before 19 May 2007. The name FIPS_WITH_DES_CBC_SHA is historical and reflects the fact that this CipherSpec was previously (but is no longer) FIPS-compliant. This CipherSpec is deprecated and its use is not recommended.
  7. The name FIPS_WITH_3DES_EDE_CBC_SHA is historical and reflects the fact that this CipherSpec was previously (but is no longer) FIPS-compliant. The use of this CipherSpec is deprecated.
  8. This CipherSpec can be used to transfer up to 32 GB of data before the connection is terminated with error AMQ9288. To avoid this error, either avoid using triple DES, or enable secret key reset when using this CipherSpec.