From 1aab07c6ed190929a46fa9f1a277f71752225996 Mon Sep 17 00:00:00 2001
From: Rob Parker
Date: Wed, 28 Aug 2019 17:01:15 +0100
Subject: [PATCH] set CipherSpec to ANY_TLS12 and refresh security (#362)
---
 cmd/runmqserver/tls.go | 5 +----
 etc/mqm/15-tls.mqsc.tpl | 2 +-
 incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl | 4 ++--
 3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/cmd/runmqserver/tls.go b/cmd/runmqserver/tls.go
index e82a95d..b129127 100644
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -73,12 +73,9 @@ func configureWebTLS(label string) error {
 func configureTLSDev() error {
 const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
 const mqscTemplate string = mqsc + ".tpl"
- const sslCipherSpec string = "TLS_RSA_WITH_AES_128_CBC_SHA256"
 if os.Getenv("MQ_DEV") == "true" {
- err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
- "SSLCipherSpec": sslCipherSpec,
- }, log)
+ err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{}, log)
 if err != nil {
 return err
 }
diff --git a/etc/mqm/15-tls.mqsc.tpl b/etc/mqm/15-tls.mqsc.tpl
index 12915e4..745f10b 100644
--- a/etc/mqm/15-tls.mqsc.tpl
+++ b/etc/mqm/15-tls.mqsc.tpl
@@ -16,4 +16,4 @@
 * Set the keystore location for the queue manager
 ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
 ALTER QMGR CERTLABL('{{ .CertificateLabel }}')
-
+REFRESH SECURITY(*) TYPE(SSL)
diff --git a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
index b2539b2..96dab79 100644
--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
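Review bot: After this change nothing in `configureTLSDev` in cmd/runmqserver/tls.go says which CipherSpec the dev channels receive, and the call now passes an empty `map[string]string{}` with no explanation. A reader auditing the TLS setup from the Go side has to know to open the template to find the value. If the function has no doc comment above the hunk, I would add one such as `// configureTLSDev renders the dev-channel TLS MQSC when MQ_DEV is "true"; the CipherSpec is fixed in the template, so no template data is passed.` The function body continues past the end of the hunk, so the rest of its error handling is not visible here.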
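Review bot: The new `REFRESH SECURITY(*) TYPE(SSL)` line in etc/mqm/15-tls.mqsc.tpl has no comment, unlike the `ALTER QMGR` lines above it, so its purpose and its ordering requirement are undocumented. It has to stay after the `SSLKEYR` and `CERTLABL` changes to pick them up, and a later edit could easily reorder or drop it. I would precede it with `* Refresh the cached TLS key repository so the SSLKEYR and CERTLABL settings above take effect`. As far as I know this command also interrupts TLS channels that are already running, which is worth noting in the comment if the script can ever be re-applied to a live queue manager.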
@@ -14,5 +14,5 @@
 * limitations under the License.
 * Set the cipherspec for dev channels
-ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
-ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
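Review bot: The comment `* Set the cipherspec for dev channels` is unchanged, but both `ALTER CHANNEL` lines no longer pin one suite: `SSLCIPH(ANY_TLS12)` leaves the choice to the handshake. The effective strength now depends on which TLS 1.2 CipherSpecs the queue manager has enabled, and the template does not say so. Both channels, including `DEV.ADMIN.SVRCONN`, also keep `SSLCAUTH(OPTIONAL)`, so clients are not required to present a certificate. I would extend the comment to record both facts, for example `* Dev channels accept any TLS 1.2 CipherSpec the queue manager allows; client certificates are optional, so do not reuse these settings outside development`. Queue manager levels that predate the `ANY_TLS12` alias would presumably reject these statements, so a note on the minimum supported level in the image documentation would help.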