
Java client connection to IBM-MQ in TLS, is it possible to use any generic cipher at java client side


In continuation to my earlier post: how to connect to queue manager with TLS enabled in ibm-mq

My IBM-MQ is configured to use SSL for cipher: TLS_RSA_WITH_AES_256_CBC_SHA256

ALTER CHL(MYSSL.SVRCONN) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)

I wanted to know about my Java code, which connects to IBM-MQ configured with TLS, specifically the line below:

MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_128_CBC_SHA256";

Is there any way I can specify some generic cipher in my Java client, so that I can connect to IBM-MQ with whatever cipher is configured on the IBM-MQ server channel?

I tried vice versa, like in IBM-MQ client I gave cipher name as "ANY", as it's officially supported by IBM-MQ in their supported cipher list:

https://www.ibm.com/docs/en/ibm-mq/9.2?topic=jms-tls-cipherspecs-ciphersuites-in-mq-classes#q113220___d366e918

ALTER CHL(MYSSL.SVRCONN) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)

So, as on the IBM-MQ side I can give ANY, I can connect to it with any cipher suite provided in my Java client.

Is there any way I can provide a generic cipher like "ANY" on the Java client side, so that I can connect with whatever cipher is configured on the IBM-MQ side?

Thanks, Amit M


Solution

  • If you set any of the *ANY values on the client side you must have an ANY value on the queue manager side. You can have an ANY value on the queue manager and a specific cipher on the client, but it won't work the other way.

    I suggest you use ANY_TLS12_OR_HIGHER on the SVRCONN and *TLS12ORHIGHER on the Java client. (Note the * is part of the Java cipher value.)
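
The pairing suggested in the answer, shown as a client sketch. This is an added example, not code from the original post or from IBM; the host name, port, queue manager name `QM1` and the trust store path are placeholder assumptions, and it assumes the IBM MQ classes for Java are on the classpath.

```java
// Added example. Server side, per the answer (MQSC):
//   ALTER CHL(MYSSL.SVRCONN) CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER)
// Run the JVM with a trust store that contains the queue manager's certificate chain,
// for example: -Djavax.net.ssl.trustStore=/path/to/truststore.jks (placeholder path).
import com.ibm.mq.MQException;
import com.ibm.mq.MQQueueManager;
import com.ibm.mq.constants.MQConstants;
import java.util.Hashtable;

public class MqTlsAnyClient {
    public static void main(String[] args) {
        Hashtable<String, Object> props = new Hashtable<>();
        props.put(MQConstants.HOST_NAME_PROPERTY, "mq.example.internal"); // placeholder host
        props.put(MQConstants.PORT_PROPERTY, 1414);                        // placeholder port
        props.put(MQConstants.CHANNEL_PROPERTY, "MYSSL.SVRCONN");
        // The leading '*' is part of the value. A *ANY-style value on the client
        // only works when the SVRCONN also carries an ANY value.
        props.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, "*TLS12ORHIGHER");

        MQQueueManager qmgr = null;
        try {
            qmgr = new MQQueueManager("QM1", props); // placeholder queue manager name
            System.out.println("Connected; TLS 1.2 or higher was negotiated.");
        } catch (MQException e) {
            int rc = e.reasonCode;
            boolean tlsRelated = rc == MQConstants.MQRC_SSL_INITIALIZATION_ERROR
                    || rc == MQConstants.MQRC_UNSUPPORTED_CIPHER_SUITE
                    || rc == MQConstants.MQRC_JSSE_ERROR;
            if (tlsRelated) {
                // First thing to check: does SSLCIPH on the channel hold an ANY value?
                System.err.println("TLS setup failed, reason " + rc
                        + ": compare SSLCIPH on MYSSL.SVRCONN with the client cipher suite.");
            } else {
                System.err.println("Connection failed, reason " + rc);
            }
        } finally {
            if (qmgr != null) {
                try {
                    qmgr.disconnect();
                } catch (MQException ignored) {
                    // Nothing useful to do if disconnect fails during cleanup.
                }
            }
        }
    }
}
```

Keeping the floor at TLS 1.2 on both ends avoids hard-coding a single CBC suite in the client while still preventing negotiation of older protocol versions.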