set CipherSpec to ANY_TLS12 and refresh security (#362)

ibm-messaging · Aug 29, 2019 · 2829130 · 2829130
1 parent 4da7c60
commit 2829130
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 7 deletions.
diff --git a/cmd/runmqserver/tls.go b/cmd/runmqserver/tls.go
@@ -73,12 +73,9 @@ func configureWebTLS(label string) error {
 func configureTLSDev() error {
 	const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
-	const sslCipherSpec string = "TLS_RSA_WITH_AES_128_CBC_SHA256"
 
 	if os.Getenv("MQ_DEV") == "true" {
-		err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
-			"SSLCipherSpec": sslCipherSpec,
-		}, log)
+		err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{}, log)
 		if err != nil {
 			return err
 		}

diff --git a/etc/mqm/15-tls.mqsc.tpl b/etc/mqm/15-tls.mqsc.tpl
@@ -16,4 +16,4 @@
 * Set the keystore location for the queue manager
 ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
 ALTER QMGR CERTLABL('{{ .CertificateLabel }}')
-
+REFRESH SECURITY(*) TYPE(SSL)
diff --git a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -14,5 +14,5 @@
 * limitations under the License.
 
 * Set the cipherspec for dev channels
-ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
-ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)