academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update default TLS cipher for dev config to use TLS12 or higher

Browse Source 
The default cipher for the default developer config is ANY_TLS12. This restricts TLS communications to those channels to just TLS 1.2 ciphers and so does not allow people to connect clients with TLS 1.3. This is unnecessarily restrictive and so we should use ANY_TLS12_OR_HIGHER instead.
This commit is contained in:
arthur.barr@uk.ibm.com
2022-06-06 10:51:02 +01:00
committed by Arthur Barr
parent 0e18f17dc9
commit 163873d7a8
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
View File

@@ -1,4 +1,4 @@
* © Copyright IBM Corporation 2018, 2019
* © Copyright IBM Corporation 2018, 2022
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,5 +14,5 @@
* limitations under the License.
* Set the cipherspec for dev channels
ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL)
ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL)