ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » SSLSocketFactory vs SSLEngine

Post new topic  Reply to topic
 SSLSocketFactory vs SSLEngine « View previous topic :: View next topic » 
Author Message
tczielke
PostPosted: Tue Sep 10, 2019 4:55 pm    Post subject: SSLSocketFactory vs SSLEngine Reply with quote

Guardian

Joined: 08 Jul 2010
Posts: 939
Location: Illinois, USA

When using IBM MQ Classes for Java (base Java for short) or IBM MQ Classes for JMS (JMS for short), the programmer has the option to build their own SSLSocketFactory and attach it appropriately (e.g. MQEnvironment.sslSocketFactory for base Java) for MQ to use for an SSL/TLS MQ connection.

I was reading a JSSE reference document:

https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html

And I noticed that there is also an SSLEngine that can be used instead of the SSLSocketFactory. The doc also said that there can be performance improvements with using the SSLEngine over the SSLSocketFactory.

I did not see an option for building an SSLEngine for base Java or JMS for MQ, so was just curious if IBM had ever explored using the SSLEngine for IBM MQ base Java/JMS, in case anyone knows.
_________________
Working with MQ since 2010.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Wed Sep 11, 2019 12:43 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Isn't supplying -Djavax.net.ssl.keystore and the other SSL relevant parameters on the command line using the SSL Engine??
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
tczielke
PostPosted: Wed Sep 11, 2019 4:04 am    Post subject: Reply with quote

Guardian

Joined: 08 Jul 2010
Posts: 939
Location: Illinois, USA

fjb_saper wrote:
Isn't supplying -Djavax.net.ssl.keystore and the other SSL relevant parameters on the command line using the SSL Engine??


I wouldn't think so. When the programmer does not build and set the SSLSocketFactory, I would think the IBM MQ Java/JMS code makes a SSLSocketFactory.getDefault() call to build a default one. This default one would act on javax.net.ssl system properties in it is build.
_________________
Working with MQ since 2010.
Back to top
View user's profile Send private message
tczielke
PostPosted: Fri Sep 13, 2019 6:43 am    Post subject: Reply with quote

Guardian

Joined: 08 Jul 2010
Posts: 939
Location: Illinois, USA

I raised an RFE for IBM MQ to consider using the SSLEngine for the Java MQ client for performance reasons, assuming they are not using it already.

http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=136485

Please vote for the RFE if you would find it helpful.
_________________
Working with MQ since 2010.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » SSLSocketFactory vs SSLEngine
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.