Posted: Sun May 13, 2007 1:09 pm Post subject: SSL/TLS: connecting to version 6 qmgr using client channel
Can I connect to V6 queue manager with V5.3 and V6 clients using the same client channel and SSL?
Test results:
1. V5.3 "C" client (via channel tab) -> V6.0 Queue manager works fine with TRIPLE_DES_SHA_US. However, you cannot create a channel tab for a 5.3 client with a Cipher Spec of TLS_RSA_WITH_3DES_EDE_CBC_SHA. This is because it is not one of the MQ5.3 supported Ciphers.
2. V5.3 JMS client (via JNDI) -> V6.0 queue manager works fine with TLS_RSA_WITH_3DES_EDE_CBC_SHA. However, if JNDI uses SSL_RSA_WITH_3DES_EDE_CBC_SHA (the V5.3 equivalent of TRIPLE_DES_SHA_US) we get the problem that is described in the IBM report (namely that Sun Java tries to negotiate using TLS protocol with MQ 5.3 QMs. It then successfully renegotiates down to SSLv3 but V6.0 QMs remain at TLS (since they support TLS now) - thus making the SSL_* ciphers invalid).
3. V6.0 JMS client (via JNDI) to V6.0 queue manager works fine with SSL_RSA_WITH_3DES_EDE_CBC_SHA but we could not get it to work with TLS_RSA_WITH_3DES_EDE_CBC_SHA.
It appears that the only temporary workaround is to have a dedicated SVRCONN for 5.3 JMS clients that use Sun Java.
Is that right, or can I use environment variable SSLFIPS=YES to solve the problem?