ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » Changing to 2048/4096bit RSA certificates

Post new topic  Reply to topic
 Changing to 2048/4096bit RSA certificates « View previous topic :: View next topic » 
Author Message
unclehunty
PostPosted: Fri Dec 11, 2015 2:55 am    Post subject: Changing to 2048/4096bit RSA certificates Reply with quote

Newbie

Joined: 10 Jun 2009
Posts: 7

Listers,

I think I have a handle on this but want to confirm my understanding. We are looking to upgrade from 1024bit RSA to 2048 or 4096.

In testing this on MQ7.5.0.5 it all works fine. It connects to other QMs of the same version but with 1024 bit.

My question is, will other QMs in the external world be able to understand our cert even if they are still on a very old version (I know some are still on V5.3) ?

I have assumed, but can't find confirmation, that the handshake process will agree on a common secret encrypted with the pre-agreed cipher. From what I understand of the process this should mean that I can have any key length that my local code can handle and this will be fine with any version of MQ/GSKit in the outside world.

thanks
hunty
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Dec 11, 2015 5:38 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

I don't believe 5.3 can handle a cert with a keysize > 1024...
Anyways you should have upgraded eons ago...
Especially if the process is so critical as to warrant using SSL ...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » Changing to 2048/4096bit RSA certificates
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.