Posted: Fri Dec 11, 2015 2:55 am Post subject: Changing to 2048/4096bit RSA certificates
Newbie
Joined: 10 Jun 2009 Posts: 7
Listers,
I think I have a handle on this but want to confirm my understanding. We are looking to upgrade from 1024bit RSA to 2048 or 4096.
In testing this on MQ7.5.0.5 it all works fine. It connects to other QMs of the same version but with 1024 bit.
My question is, will other QMs in the external world be able to understand our cert even if they are still on a very old version (I know some are still on V5.3) ?
I have assumed, but can't find confirmation, that the handshake process will agree on a common secret encrypted with the pre-agreed cipher. From what I understand of the process this should mean that I can have any key length that my local code can handle and this will be fine with any version of MQ/GSKit in the outside world.
I don't believe 5.3 can handle a cert with a keysize > 1024...
Anyways you should have upgraded eons ago...
Especially if the process is so critical as to warrant using SSL ... _________________ MQ & Broker admin
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum