Configuring TLS/SSL cipher mapping for IBM MQ connections

The IBM MQ Cipher Spec of the MQ client channel by name may differ from the Cipher Suite to be entered with the MainView Middleware Administrator (MVMA) MQ connection, and proper mapping of these names must be ensured if the names differ for the selected cipher. Additionally, cipher names may differ depending on the JRE used to run with MVMA. By default, MVMA runs with an Oracle JRE and the IBM MQ classes for Java API it relies on by default maps cipher suite names for the IBM JRE.

As of MQ 8.0.0.2, IBM supports configuring the IBM MQ classes for Java API to map cipher names for an Oracle JRE by setting the Java system property com.ibm.mq.cfg.useIBMCipherMappings to false. To overcome issues with setting up a TLS/SSL secured MQ connection if may be required to add that property to the MVMA wrapper.conf configuration file, as described in the following steps:

  1. Stop MVMA services.
  2. Open the wrapper.conf in the configuration sub-folder of the MVMA installation directory.
  3. Add the entry wrapper.java.additional.NN=-Dcom.ibm.mq.cfg.useIBMCipherMappings=false where NN is the highest number of the current entries of this type increased by one.
  4. Restart MVMA services.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*