bcostacurta
Posted: Mon Jan 04, 2010 7:11 am Post subject: How to verify correct client connection SSL encryption?
Acolyte
Joined: 10 Dec 2009 Posts: 71 Location: Luxembourg

Dears,
how to verify a correct encryption on a client connection?
Server platform is Solaris.
Client platforms are Solaris and Windows XP.
Bye,
Bruno
Vitor
Posted: Mon Jan 04, 2010 7:15 am Post subject: Re: How to verify correct client connection SSL encryption?
Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA

bcostacurta wrote:
Dears,
Yes darling?
bcostacurta wrote:
how to verify a correct encryption on a client connection?
Start the connection.
_________________
Honesty is the best policy.
Insanity is the best defence.
bcostacurta
Posted: Mon Jan 04, 2010 7:47 am Post subject:
Acolyte
Joined: 10 Dec 2009 Posts: 71 Location: Luxembourg

(Well, thanks for the 'darling'... really appreciated as a mark of respect, of course.)
Yes, I'm able to connect / open a queue / post a message via a Perl script using MQCONNX as an MQ client with the needed params like cipher, client channel name, etc.
The script execution is fine and indeed I retrieve my message in the destination queue.
But, after all, how to guarantee message flow is encrypted?
Maybe a protocol sniffer?
Or are the correct client connection (my script pauses and I can see the client connection on the channel) and/or script execution really secure and enough for acceptance?
This messaging architecture is dedicated to a financial environment and I would like to be sure I can promote it to the security and network dept. for production ready-to-go validation.
Thanks.
Bye,
Bruno
bruce2359
Posted: Mon Jan 04, 2010 7:55 am Post subject:
Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.

A network sniffer would allow you to see the network flow.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Vitor
Posted: Mon Jan 04, 2010 7:56 am Post subject:
Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA

If you have serious concerns that IBM have in some way botched the implementation of this technology then you could try pulling the information off the wire.
Or you could try providing the wrong certificate and see if the channel still starts & messages flow normally. No, wait, you've already tested that (according to your previous posts).
Do you also plan to go through the queue manager logs to ensure persistent messages are being stored correctly?
WMQ is used by a large number of financial institutions, some sizeable and well known. I've set it up at a number of them. I tend to be more concerned that the certificates are handled & secured properly than the software working, as that's a much more realistic security risk and one more likely to engage the minds of this validation department of yours.
_________________
Honesty is the best policy.
Insanity is the best defence.
zpat
Posted: Mon Jan 04, 2010 8:34 am Post subject:
Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK

Maybe some sort of IP trace would show encrypted data.
I would be inclined to let the network or security team verify this over the network link, if they want to - since they would have the tools to do so.
If they don't have the tools then they can't prove it either way.
Michael Dag
Posted: Mon Jan 04, 2010 9:53 am Post subject:
Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)

Check out the Presentation section
The MQSeries SSL Tutorial, although for 5.3, contains instructions on how to set up a non-SSL connection with a port redirector and then how to enable SSL and then see the encrypted traffic flow... enjoy...
_________________
Michael
MQSystems Facebook page
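
What a sniffer capture of the channel should show, as an added example that is not part of the original thread or of any IBM tooling: a classifier for the bytes a client sends to the MQ listener port. It assumes the TCP payload has already been exported from a packet capture as raw bytes, and that a cleartext MQ flow opens with the transmission segment header eyecatcher `TSH`; the function names and sample byte strings are constructed for illustration.

```python
import struct

# Assumption: every cleartext MQ transmission segment opens with the
# eyecatcher "TSH " (or "TSHM"/"TSHC"), in ASCII or EBCDIC.
MQ_EYECATCHERS = (b"TSH", bytes([0xE3, 0xE2, 0xC8]))
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed sample payloads (not captured from a real system).
CLEAR_SAMPLE = b"TSH \x00\x00\x01\x0c\x01\x01"
TLS_SAMPLE = bytes([22, 3, 0, 0, 4, 1, 0, 0, 0])


def classify_first_payload(payload: bytes) -> str:
    """Classify the first bytes a client sends to the MQ listener."""
    if payload[:3] in MQ_EYECATCHERS:
        return "cleartext-mq"
    # SSLv3/TLS record header: type(1) | major=3 | minor | length(2)
    if len(payload) >= 6 and payload[0] == 22 and payload[1] == 3:
        if payload[5] == 1:  # handshake message type 1 = ClientHello
            return "tls-client-hello"
    # SSLv2-compatible hello: high bit set in length, message type 1
    if len(payload) >= 3 and payload[0] & 0x80 and payload[2] == 1:
        return "sslv2-compatible-client-hello"
    return "unknown"


def tls_record_types(stream: bytes) -> list:
    """Walk a reassembled one-direction byte stream as TLS records.

    Raises ValueError when the bytes do not parse as records, which is
    what a cleartext MQ flow on the same port would cause.
    """
    types, offset = [], 0
    while offset < len(stream):
        header = stream[offset:offset + 5]
        if len(header) < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, _minor, length = struct.unpack("!BBBH", header)
        if ctype not in TLS_CONTENT_TYPES or major != 3:
            raise ValueError("not a TLS record at offset %d" % offset)
        types.append(TLS_CONTENT_TYPES[ctype])
        offset += 5 + length
    return types
```

A capture in which the whole client-to-server stream parses as TLS records and no segment starts with the `TSH` eyecatcher is the evidence a network or security team would look for; it says nothing about how the certificates are stored and handled.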
markiecork
Posted: Mon Apr 19, 2010 3:21 am Post subject:
Newbie
Joined: 18 Apr 2010 Posts: 4

Quote:
A network sniffer would allow you to see the network flow.
Can you tell me what a network sniffer is?
How does a network sniffer allow you to see the network flow?
_________________
r4 dsi
bruce2359
Posted: Mon Apr 19, 2010 5:30 am Post subject:
Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.

Did you go to Google and search for 'network sniffer'? What did your search reveal?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.