From 163873d7a856141925665f83b7410641628ace18 Mon Sep 17 00:00:00 2001
From: "arthur.barr@uk.ibm.com"
Date: Mon, 6 Jun 2022 10:51:02 +0100
Subject: [PATCH] Update default TLS cipher for dev config to use TLS12 or higher

The default cipher for the default developer config is ANY_TLS12. This restricts TLS communications to those channels to just TLS 1.2 ciphers and so does not allow people to connect clients with TLS 1.3. This is unnecessarily restrictive and so we should use ANY_TLS12_OR_HIGHER instead.
---
 incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
index 96dab79..1592ade 100644
--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -1,4 +1,4 @@
-* © Copyright IBM Corporation 2018, 2019
+* © Copyright IBM Corporation 2018, 2022
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,5 +14,5 @@
 * limitations under the License.
 * Set the cipherspec for dev channels
-ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
-ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12_OR_HIGHER) SSLCAUTH(OPTIONAL)
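Review bot: Both new ALTER CHANNEL lines in the second hunk keep `SSLCAUTH(OPTIONAL)`, so DEV.APP.SVRCONN and DEV.ADMIN.SVRCONN still accept TLS clients that present no certificate, and the comment above them records neither that nor the new protocol floor. As this template is the developer default that people copy from, I would spell both out on the comment line, e.g. `* Dev channels: accept any TLS 1.2 or later CipherSpec; client certificates optional (no mutual TLS) - tighten both outside dev`. The alias resolves to whatever TLS 1.2 and 1.3 CipherSpecs the queue manager itself has enabled, so the effective list is decided outside this file. It is also worth confirming that the oldest MQ level this image is built on recognises `ANY_TLS12_OR_HIGHER`, since otherwise the ALTER would presumably be rejected when the template is applied.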