ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Java / JMS » MQ TLS communication with Weblogic using foreign JMS

Post new topic  Reply to topic
 MQ TLS communication with Weblogic using foreign JMS « View previous topic :: View next topic » 
Author Message
pcmypc
PostPosted: Sun Jul 02, 2017 8:55 pm    Post subject: MQ TLS communication with Weblogic using foreign JMS Reply with quote

Newbie

Joined: 02 Jul 2017
Posts: 4

I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.

Any help will be highly appreciated.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jul 03, 2017 4:31 am    Post subject: Re: MQ TLS communication with Weblogic using foreign JMS Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

pcmypc wrote:
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.

Any help will be highly appreciated.

Wouldn't that be part of the properties for the connectionFactory creation? Obviously you need to start Weblogic with the proper key and trust stores.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
pcmypc
PostPosted: Mon Jul 03, 2017 7:25 am    Post subject: Re: MQ TLS communication with Weblogic using foreign JMS Reply with quote

Newbie

Joined: 02 Jul 2017
Posts: 4

fjb_saper wrote:
pcmypc wrote:
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.

Any help will be highly appreciated.

Wouldn't that be part of the properties for the connectionFactory creation? Obviously you need to start Weblogic with the proper key and trust stores.


Thanks fjb_saper for your response. I do not see any properties in weblogic admin console to specify Cipher Suite for Connection factory. I have tried setting -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA256 in weblogic server start up but that does not work for MQ Queue Connection Factory.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jul 03, 2017 3:56 pm    Post subject: Re: MQ TLS communication with Weblogic using foreign JMS Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

pcmypc wrote:
fjb_saper wrote:
pcmypc wrote:
I am trying to connect to MQ from weblogic 12c server using foreign JMS( using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources.

Any help will be highly appreciated.

Wouldn't that be part of the properties for the connectionFactory creation? Obviously you need to start Weblogic with the proper key and trust stores.


Thanks fjb_saper for your response. I do not see any properties in weblogic admin console to specify Cipher Suite for Connection factory. I have tried setting -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_128_CBC_SHA256 in weblogic server start up but that does not work for MQ Queue Connection Factory.

It needs to be set as properties of the connection factory. Review the corresponding Resource Adapter documentation. And also review the part (search on Developerworks) about not using the IBM ciphersuite names...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
pcmypc
PostPosted: Mon Jul 03, 2017 6:20 pm    Post subject: Reply with quote

Newbie

Joined: 02 Jul 2017
Posts: 4

Thanks You, I will search in Developerworks. When I create connection factory for Foreign JMS module in weblogic, It does not have any option to specify cipher suite properties. There has to be some property that I can set at server start up, Or not sure if there is a way to specify cipher suite in bindings file.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jul 03, 2017 7:41 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

pcmypc wrote:
Thanks You, I will search in Developerworks. When I create connection factory for Foreign JMS module in weblogic, It does not have any option to specify cipher suite properties. There has to be some property that I can set at server start up, Or not sure if there is a way to specify cipher suite in bindings file.

NO NO NO.
You need to look into the Resource Adapter and the properties to set on the Connection Factory. One of them being the SSL_CipherSuite.
WebLogic at startup just needs to be told about the keystore and truststore.
The rest of the stuff needs to be set in the configuration for the connection factory. If need be use a CCDT URL for the connection factory setup and define the CipherSpec in the Client Channel.

See https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.dev.doc/q031610_.htm
and
https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.0.0/com.ibm.mq.dev.doc/q121520_.htm

Have fun
_________________
MQ & Broker admin


Last edited by fjb_saper on Mon Jul 03, 2017 8:01 pm; edited 1 time in total
Back to top
View user's profile Send private message Send e-mail
pcmypc
PostPosted: Mon Jul 03, 2017 7:56 pm    Post subject: Reply with quote

Newbie

Joined: 02 Jul 2017
Posts: 4

We have an existing application, which is not using MQ resource adapter and plan is to make it work through config changes either in Weblogic or in binding files. And not touching application code because there are almost 20 applications integrated with MQ. To make use of resource adapter I will have to make changes in code

Applications are connecting to the QM through .bindings file which is being referred from Foreign JMS module in Weblogic. Let's see if I can do something in .binding file.

Thanks
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jul 03, 2017 8:37 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

Also read carefully:
https://www.ibm.com/developerworks/community/blogs/messaging/entry/MQ_Java_TLS_Ciphers_Non_IBM_JREs_APARs_IT06775_IV66840_IT09423_IT10837_HELP_ME_PLEASE?lang=en

and

TLS cipherspecs and ciphersuites for JMS

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Java / JMS » MQ TLS communication with Weblogic using foreign JMS
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.