| Author |
Message
|
| pcmypc |
 Posted: Sun Jul 02, 2017 8:55 pm Post subject: MQ TLS communication with Weblogic using foreign JMS |
 |
|
Newbie
Joined: 02 Jul 2017
Posts: 4
|
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.
Any help will be highly appreciated. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Jul 03, 2017 4:31 am Post subject: Re: MQ TLS communication with Weblogic using foreign JMS |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| pcmypc wrote: |
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.
Any help will be highly appreciated. |
Wouldn't that be part of the properties for the connectionFactory creation? Obviously you need to start Weblogic with the proper key and trust stores. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| pcmypc |
| Posted: Mon Jul 03, 2017 7:25 am Post subject: Re: MQ TLS communication with Weblogic using foreign JMS |
|
|
Newbie
Joined: 02 Jul 2017
Posts: 4
|
| fjb_saper wrote: |
| pcmypc wrote: |
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.
Any help will be highly appreciated. |
Wouldn't that be part of the properties for the connectionFactory creation? Obviously you need to start Weblogic with the proper key and trust stores. |
Thanks fjb_saper for your response. I do not see any properties in weblogic admin console to specify Cipher Suite for Connection factory. I have tried setting -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA256 in weblogic server start up but that does not work for MQ Queue Connection Factory. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jul 03, 2017 3:56 pm Post subject: Re: MQ TLS communication with Weblogic using foreign JMS |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| pcmypc wrote: |
| fjb_saper wrote: |
| pcmypc wrote: |
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.
Any help will be highly appreciated. |
Wouldn't that be part of the properties for the connectionFactory creation? Obviously you need to start Weblogic with the proper key and trust stores. |
Thanks fjb_saper for your response. I do not see any properties in weblogic admin console to specify Cipher Suite for Connection factory. I have tried setting -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA256 in weblogic server start up but that does not work for MQ Queue Connection Factory. |
It needs to be set as properties of the connection factory. Review the corresponding Resource Adapter documentation. And also review the part (search on Developerworks) about not using the IBM ciphersuite names...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| pcmypc |
| Posted: Mon Jul 03, 2017 6:20 pm Post subject: |
|
|
Newbie
Joined: 02 Jul 2017
Posts: 4
|
| Thanks You, I will search in Developerworks. When I create connection factory for Foreign JMS module in weblogic, It does not have any option to specify cipher suite properties. There has to be some property that I can set at server start up, Or not sure if there is a way to specify cipher suite in bindings file. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jul 03, 2017 7:41 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| pcmypc wrote: |
| Thanks You, I will search in Developerworks. When I create connection factory for Foreign JMS module in weblogic, It does not have any option to specify cipher suite properties. There has to be some property that I can set at server start up, Or not sure if there is a way to specify cipher suite in bindings file. |
NO NO NO.
You need to look into the Resource Adapter and the properties to set on the Connection Factory. One of them being the SSL_CipherSuite.
WebLogic at startup just needs to be told about the keystore and truststore.
The rest of the stuff needs to be set in the configuration for the connection factory. If need be use a CCDT URL for the connection factory setup and define the CipherSpec in the Client Channel.
See https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.dev.doc/q031610_.htm
and
https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.0.0/com.ibm.mq.dev.doc/q121520_.htm
Have fun
_________________
MQ & Broker admin
Last edited by fjb_saper on Mon Jul 03, 2017 8:01 pm; edited 1 time in total |
|
| Back to top |
|
|
| pcmypc |
| Posted: Mon Jul 03, 2017 7:56 pm Post subject: |
|
|
Newbie
Joined: 02 Jul 2017
Posts: 4
|
We have an existing application, which is not using MQ resource adapter and plan is to make it work through config changes either in Weblogic or in binding files. And not touching application code because there are almost 20 applications integrated with MQ. To make use of resource adapter I will have to make changes in code 
Applications are connecting to the QM through .bindings file which is being referred from Foreign JMS module in Weblogic. Let's see if I can do something in .binding file.
Thanks |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jul 03, 2017 8:37 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
|
| Back to top |
|
|
|
|
