You can now securely connect Pega Platform MQ connectors and services with IBM MQ servers by configuring SSL/TLS settings for an MQ Server data instance. You select Apply TCP security settings (SSL/TLS) on the MQ Server rule form, and choose the level of cryptographic security and the IBM MQ cipher suite for your requirements.

MQ Server data instance with SSL/TLS settings for connecting to IBM MQ servers

Secure SSL/TLS communication with IBM MQ servers is verified by using IBM MQ Client 9.0 libraries with an IBM JDK on Linux and Windows platforms. IBM provides the JVM argument: Dcom.ibm.mq.cfg.useIBMCipherMappings=false for cipher mapping compatibility with JREs from other vendors, such as Oracle JDK and OpenJDK.

To use stronger ciphers with Oracle JDK and OpenJDK JREs, you must install the Oracle Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. See the Oracle documentation to determine the correct JCE libraries to use in your environment.