SUITEB property of QMgr
sachinramesh
Posted: Thu May 18, 2023 10:04 am    Post subject: SUITEB property of QMgr

Centurion

Joined: 20 Feb 2007
Posts: 149

Hi,
I am trying to change the SUITEB value of my qmgr from 'none' to '128-bit'.
This is advised as per security baselines for me.
Do we need to do a refresh security for the changes to take effect?
I tried checking Google; it only says to restart the MQXR service after the modification. We don't have this service.

Can someone guide me on whether the refresh will work or a restart of the qmgr is needed?
gbaddeley
Posted: Thu May 18, 2023 3:55 pm

Jedi

Joined: 25 Mar 2003
Posts: 2492
Location: Melbourne, Australia

https://www.ibm.com/docs/en/ibm-mq/9.3?topic=mq-configuring-suite-b
Implies qmgr restart only if MQXR (Telemetry) or AMQP (MQ Light client / open source) are being used. It is just an internal check on cipher spec compliance to particular EC signature algorithms. If an out of scope spec is attempted to be used, the MQ channel or connection will fail.
_________________
Glenn
sachinramesh
Posted: Thu May 18, 2023 9:23 pm

Centurion

Joined: 20 Feb 2007
Posts: 149

Thanks Glenn for the reply; we are not using the telemetry or AMQP service.
I just updated the SUITEB value to 128 bit and did a refresh security.

Just wondering if refresh security alone will be fine without any qmgr restart.
Don't see any issue with the channels till now. Will have to wait and see.
hughson
Posted: Sat May 20, 2023 1:05 am

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

gbaddeley wrote:
https://www.ibm.com/docs/en/ibm-mq/9.3?topic=mq-configuring-suite-b
Implies qmgr restart only if MQXR (Telemetry) or AMQP (MQ Light client / open source) are being used. It is just an internal check on cipher spec compliance to particular EC signature algorithms. If an out of scope spec is attempted to be used, the MQ channel or connection will fail.

sachinramesh wrote:
Thanks Glenn for the reply; we are not using the telemetry or AMQP service.


Glenn's reply was telling you that the IBM docs show that you only needed to do a restart IF and ONLY IF you are using MQXR or AMQP. Since you are not, you don't need to do a queue manager refresh.

sachinramesh wrote:
I just updated the SUITEB value to 128 bit and did a refresh security.

Just wondering if refresh security alone will be fine without any qmgr restart.
Don't see any issue with the channels till now. Will have to wait and see.


It is worth knowing that the REFRESH SECURITY TYPE(SSL) command is doing the same thing that would happen on a queue manager restart when it comes to updating the SSL/TLS environment when something in that environment has changed. If you have done a refresh you shouldn't need to do a restart and vice versa.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
gbaddeley
Posted: Sun May 21, 2023 3:30 pm

Jedi

Joined: 25 Mar 2003
Posts: 2492
Location: Melbourne, Australia

sachinramesh wrote:
Thanks Glenn for the reply; we are not using the telemetry or AMQP service.
I just updated the SUITEB value to 128 bit and did a refresh security.
Just wondering if refresh security alone will be fine without any qmgr restart.
Don't see any issue with the channels till now. Will have to wait and see.

Do any channel definitions have SSLCIPH set to a non-blank value? Have you reviewed that the values are all SUITEB 128 bit compliant?
_________________
Glenn
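
The channel review asked about in the post above can be scripted. The following is an added example, not part of the thread and not IBM code: it parses runmqsc output of DISPLAY CHANNEL(*) SSLCIPH and sorts channels into blank, compliant and non-compliant against a Suite B 128-bit allow-list. The sample output is constructed, and the allow-list is an assumption to confirm against the IBM Suite B page linked in the thread.

```python
import re

# Assumption: CipherSpecs permitted at the Suite B 128-bit level.
# Confirm against the IBM Suite B documentation for your MQ version.
SUITEB_128 = {
    "ECDHE_ECDSA_AES_128_GCM_SHA256",
    "ECDHE_ECDSA_AES_256_GCM_SHA384",
}

# Constructed sample of runmqsc output for: DISPLAY CHANNEL(*) SSLCIPH
SAMPLE = """\
AMQ8414I: Display Channel details.
   CHANNEL(APP1.SVRCONN)                   CHLTYPE(SVRCONN)
   SSLCIPH(ECDHE_ECDSA_AES_128_GCM_SHA256)
AMQ8414I: Display Channel details.
   CHANNEL(QM1.TO.QM2)                     CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
AMQ8414I: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   SSLCIPH( )
"""
ATTR = re.compile(r"(\w+)\(([^)]*)\)")  # matches KEYWORD(value) pairs

def parse_channels(text):
    """Return {channel name: SSLCIPH value}, one entry per AMQ8414I record."""
    channels, current = {}, None
    for line in text.splitlines():
        if line.startswith("AMQ8414"):
            current = None  # a new record starts here
            continue
        for key, value in ATTR.findall(line):
            if key == "CHANNEL":
                current = value.strip()
                channels[current] = ""
            elif key == "SSLCIPH" and current is not None:
                channels[current] = value.strip()
    return channels

def review(text, allowed=SUITEB_128):
    """Group channels as blank (no CipherSpec), compliant or noncompliant."""
    result = {"blank": [], "compliant": [], "noncompliant": []}
    for name, spec in sorted(parse_channels(text).items()):
        bucket = "blank" if not spec else (
            "compliant" if spec in allowed else "noncompliant")
        result[bucket].append((name, spec))
    return result

if __name__ == "__main__":
    for bucket, items in review(SAMPLE).items():
        print(bucket, items)
```

Channels reported as noncompliant are the ones to change before or alongside the SUITEB setting, since the thread notes that an out-of-scope CipherSpec makes the channel or connection fail.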