ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » Cipherspec negotiation

Post new topic  Reply to topic
 Cipherspec negotiation « View previous topic :: View next topic » 
Author Message
jcv
PostPosted: Fri Sep 18, 2015 9:02 am    Post subject: Cipherspec negotiation Reply with quote

Chevalier

Joined: 07 May 2007
Posts: 411
Location: Zagreb
There are two RFEs, for which I have both voted:

http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=28671 , and its duplicate:
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=75962

That reminded me of the fact that ServerConnectionParms of CHANNELS stanza of mqclient.ini, as well as its equivalent, the MQSERVER environment variable, define so called simple minimal CLNTCONN channel, that is one in which (among other things) SSLCIPH attribute is not set, which is supposed to give some kind of explanation why mq client in that case doesn't do SSL negotiation, even though SVRCONN requires it, and all other prerequisites are present on the client side. That doesn't make much sense in view of negotiable SSLCIPHs.

Not that it particularly interests me, since both ServerConnectionParms and MQSERVER are not relevant to WebSphere MQ classes for JMS, that's probably reason why other people didn't pay much attention to that fact too. Right?

Last edited by jcv on Mon Sep 28, 2015 7:44 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
jcv
PostPosted: Thu Sep 24, 2015 1:10 am    Post subject: Reply with quote

Chevalier

Joined: 07 May 2007
Posts: 411
Location: Zagreb
OK, things that don't make sense to me, doesn't neccessarily mean don't make sense to other people. In that setup client would miss the ability to match server's SSLPEER too, and the idea of negotiation in which the side that initiates connection can/must accept terms of the side that accepts connection, if it really wants to establish connection, and there is no SSLCIPH on which they both agree, such as in case of simple minimal CLNTCONN, when there is no possibility to specify one on client side, may be not acceptable to some people.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » Cipherspec negotiation
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.