Annonce du FixPack 13 pour WMQ 7.0.1

jeudi 13 août 2015

Le FixPack 13 pour WMQ 7.0.1 est disponible.
Rappel : le support de MQ 7.0.1 s’arrête fin Septembre 2015.

Pour ceux qui utilisent SSL, à noter la neutralisation des CipherSpecs considérés comme faibles (extrait du ReadMe) :

Deprecation of support for weaker CipherSpecs

Changes have been made to the WebSphere MQ queue manager to disallow by default the configuration of CipherSpecs that use cryptographic algorithms or protocols that are now considered to be weak :

  • RC4_SHA_US
  • RC4_MD5_US
  • TRIPLE_DES_SHA_US
  • DES_SHA_EXPORT1024
  • RC4_56_SHA_EXPORT1024
  • RC4_MD5_EXPORT
  • RC2_MD5_EXPORT
  • DES_SHA_EXPORT
  • TLS_RSA_WITH_DES_CBC_SHA
  • NULL_SHA
  • NULL_MD5
  • FIPS_WITH_DES_CBC_SHA
  • FIPS_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_NULL_SHA256

These deprecated CipherSpecs are by default no longer permitted on MQ channel definitions. Attempting to use these CipherSpecs returns the following message : AMQ9635 : Channel did not specify a valid CipherSpec.

You can re-enable the deprecated CipherSpecs within the SSL stanza of the qm.ini file as follows :

SSL :
AllowWeakCipherSpec=Yes

You can also re-enable the deprecated CipherSpecs by setting or exporting to "Yes" the environment variable AMQ_SSL_WEAK_CIPHER_ENABLE.

This variable should be set or exported within the environment used to start the queue manager.

Defining this variable enables the deprecated CipherSpecs regardless of the
value specified in the qm.ini file.



Toutes les brèves du site