How to use TLS with IBM MQ Connector

1. Create your Keystore and Truststore.

You could use several tools to perform this such as Keytool and OpenSSL.

2. Assign the Truststore and Keystore to the JVM using system properties.

-Djavax.net.ssl.trustStore=<location of trustStore>
-Djavax.net.ssl.keyStore=<location of keyStore>
-Djavax.net.ssl.keyStorePassword=<password><app>

3. Set the required Cipher Suite in the IBM MQ Connector.

In order to set up the CipherSuite to be used, you'll require to enable additional properties in the IBM MQ Connector.

To do so from the Anypoint Studio UI:

• On the Studio canvas click on the IBM MQ Connector and edit the Connector Configuration.
• Under the "General" menu, select the "Advanced" tab.
• Click on the "Additional Properties" checkbox.
• Click the plus button (+).
• On the Key placeholder set the following property "XMSC_WMQ_SSL_CIPHER_SUITE".
• On the value placeholder, set the desired CipherSuite.
• Click the "Finish" button.

<ibm-mq:config name="IBM_MQ_Config" doc:name="IBM MQ Config" doc:id="129fe500-0d2d-4700-9456-f188fa3a5df3" >
        <ibm-mq:connection targetClient="NO_JMS_COMPLIANT" >
            <ibm-mq:connection-mode >
                <ibm-mq:client host="localhost" queueManager="QM1" channel="DEV.APP.SVRCONN" />
            </ibm-mq:connection-mode>
            <ibm-mq:additional-properties >
                <ibm-mq:additional-property key="XMSC_WMQ_SSL_CIPHER_SUITE" value="SSL_RSA_WITH_AES_256_CBC_SHA256" />
            </ibm-mq:additional-properties>
        </ibm-mq:connection>
</ibm-mq:config>

Disclaimer: This solution provides a suggestion that should be considered in conjunction with your specific use-case and requirements and does not represent a complete solution for all circumstances. This method is applicable for IBM MQ Connector versions up to version 1.1.1.