TLS cipher suites configuration in TIBCO ActiveMatrix BusinessWorks Plug-in for WebSphere MQ.
Article ID: KB0093626
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks Plug-in for IBM MQ | - |
| Not Applicable | - |
Description
Resolution:
In TIBCO ActiveMatrix BusinessWorks Plug-in for WebSphere MQ connection resource, there is a cipher suite you can select when TLS is enabled. That is the suite that the MQ plug-in JVM will use to connect to an MQ server. There is also a cipher specification in the IBM MQ server channel SSL configuration. The table below shows the configuration map between those two. As of now, the plugin supports these ciphers when installed on a 7.5 client and connecting to a 7.5 server. The matched column means that they would be usable in a connection. The IBM JRE supports more than Oracle's. This is mostly due to the way IBM chose to name their cipher suites.
In TIBCO ActiveMatrix BusinessWorks Plug-in for WebSphere MQ connection resource, there is a cipher suite you can select when TLS is enabled. That is the suite that the MQ plug-in JVM will use to connect to an MQ server. There is also a cipher specification in the IBM MQ server channel SSL configuration. The table below shows the configuration map between those two. As of now, the plugin supports these ciphers when installed on a 7.5 client and connecting to a 7.5 server. The matched column means that they would be usable in a connection. The IBM JRE supports more than Oracle's. This is mostly due to the way IBM chose to name their cipher suites.
Table of IBM's cipher specs to Java suites running on an IBM 1.7 JRE with Unlimited Cipher policies.
| Cipher Specs | Cipher suites | Matched? |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | SSL_RSA_WITH_AES_256_CBC_SHA256 | matched |
| NULL_MD5 | SSL_RSA_WITH_NULL_MD5 | matched |
| FIPS_WITH_3DES_EDE_CBC_SHA | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | matched |
| DES_SHA_EXPORT1024 | SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA | |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | SSL_RSA_WITH_AES_128_CBC_SHA256 | matched |
| RC4_MD5_EXPORT | SSL_RSA_EXPORT_WITH_RC4_40_MD5 | matched |
| RC2_MD5_EXPORT | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | |
| RC4_SHA_US | SSL_RSA_WITH_RC4_128_SHA | matched |
| NULL_SHA | SSL_RSA_WITH_NULL_SHA | matched |
| DES_SHA_EXPORT | SSL_RSA_WITH_DES_CBC_SHA | matched |
| TLS_RSA_WITH_NULL_SHA256 | SSL_RSA_WITH_NULL_SHA256 | matched |
| TLS_RSA_WITH_AES_128_CBC_SHA | SSL_RSA_WITH_AES_128_CBC_SHA | matched |
| TLS_RSA_WITH_AES_256_CBC_SHA | SSL_RSA_WITH_AES_256_CBC_SHA | matched |
| FIPS_WITH_DES_CBC_SHA | SSL_RSA_FIPS_WITH_DES_CBC_SHA | matched |
| RC4_MD5_US | SSL_RSA_WITH_RC4_128_MD5 | matched |
| TRIPLE_DES_SHA_US | SSL_RSA_WITH_3DES_EDE_CBC_SHA | matched |
| RC4_56_SHA_EXPORT1024 | SSL_RSA_EXPORT1024_WITH_RC4_56_SHA | |
| Table of IBM's
cipher specs to Java suites runnint on an Oracle JRE 1.7 with Unlimited Cipher policies. | ||
| TLS_RSA_WITH_AES_256_CBC_SHA256 | SSL_RSA_WITH_AES_256_CBC_SHA256 | |
| NULL_MD5 | SSL_RSA_WITH_NULL_MD5 | matched |
| FIPS_WITH_3DES_EDE_CBC_SHA | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | |
| DES_SHA_EXPORT1024 | SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA | |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | SSL_RSA_WITH_AES_128_CBC_SHA256 | |
| RC4_MD5_EXPORT | SSL_RSA_EXPORT_WITH_RC4_40_MD5 | matched |
| RC2_MD5_EXPORT | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | |
| RC4_SHA_US | SSL_RSA_WITH_RC4_128_SHA | matched |
| NULL_SHA | SSL_RSA_WITH_NULL_SHA | matched |
| DES_SHA_EXPORT | SSL_RSA_WITH_DES_CBC_SHA | matched |
| TLS_RSA_WITH_NULL_SHA256 | SSL_RSA_WITH_NULL_SHA256 | |
| TLS_RSA_WITH_AES_128_CBC_SHA | SSL_RSA_WITH_AES_128_CBC_SHA | |
| TLS_RSA_WITH_AES_256_CBC_SHA | SSL_RSA_WITH_AES_256_CBC_SHA | |
| FIPS_WITH_DES_CBC_SHA | SSL_RSA_FIPS_WITH_DES_CBC_SHA | |
| RC4_MD5_US | SSL_RSA_WITH_RC4_128_MD5 | matched |
| TRIPLE_DES_SHA_US | SSL_RSA_WITH_3DES_EDE_CBC_SHA | matched |
| RC4_56_SHA_EXPORT1024 | SSL_RSA_EXPORT1024_WITH_RC4_56_SHA | |
| The "matched" column indicates whether the cipher suite was available to the current JRE. | ||
Issue/Introduction
TLS cipher suites configuration in TIBCO ActiveMatrix BusinessWorks Plug-in for WebSphere MQ.
Additional Information
Feedback
Yes
No
Powered by
