| Author |
Message
|
| gopalsamant |
 Posted: Thu Sep 30, 2004 8:50 pm Post subject: set SSLcyphersuit in MQseries clinet which is in C |
 |
|
Novice
Joined: 24 Sep 2004
Posts: 17
|
| How do i set SSLcyphersuit in MQseries clinet which is in C. i could find help on setting this using java but no information on the same using C. Can some one please help. |
|
| Back to top |
|
 |
| siliconfish |
| Posted: Thu Sep 30, 2004 9:19 pm Post subject: |
|
|
Master
Joined: 12 Aug 2002
Posts: 203
Location: USA
|
| You can set SSLCipherSpec in MQCD structure in the MQCNO when using MQCONNX, or use the client channel definition table. |
|
| Back to top |
|
|
| gopalsamant |
| Posted: Thu Sep 30, 2004 9:32 pm Post subject: |
|
|
Novice
Joined: 24 Sep 2004
Posts: 17
|
Thanks, As per my understanding i need to do following program changes (My client program is in C).
1. set value for SSLKeyrepository
2. set value for sslciphersuite as "some value" which corresponds to the SSLcipherspec on the server setup.
Please help me with the second step or any other step if i have missed out. |
|
| Back to top |
|
|
| siliconfish |
| Posted: Thu Sep 30, 2004 9:46 pm Post subject: |
|
|
Master
Joined: 12 Aug 2002
Posts: 203
Location: USA
|
You will set SSLKeyrepository at queue manager level, it can be set in the client program using the KeyRepository field of the MQSCO structure.
It can be set on the client using the MQSSLKEYR environment variable.
| Quote: |
| set value for sslciphersuite as "some value" which corresponds to the SSLcipherspec on the server setup |
Yes same as the one mentioned in Server Connection Channel.
You have to also consider setting MQAIR for Authentication Information Objects in MQSCO if you are using LDAP server for storing Sertificate Revocation Lists.
Last edited by siliconfish on Thu Sep 30, 2004 10:22 pm; edited 2 times in total |
|
| Back to top |
|
|
| gopalsamant |
| Posted: Thu Sep 30, 2004 9:54 pm Post subject: |
|
|
Novice
Joined: 24 Sep 2004
Posts: 17
|
Ok, where is what my situation is. I have a client server setup. with the clinet program written in C. I want to make this SSL enabled, can you please provide me with steps required for the same. we have another application whoes client program is in java. the program changes they have done on client side is
1. set SSLkeyrepository
2. set stash path
3. set sslcipersuite using mqenviornment
Can you please tell me how i should go about this in my case. |
|
| Back to top |
|
|
| siliconfish |
| Posted: Thu Sep 30, 2004 10:21 pm Post subject: |
|
|
Master
Joined: 12 Aug 2002
Posts: 203
Location: USA
|
---I have modified my earlier post.
You can set the KeyRepository field of the MQSCO structure in the MQCONNX call.
or
SET MQSSLKEYR Environment Variable pointing to the path of the file without the extension.
Set SSLCipherSpec field of the MQCD structure referenced by MQCNO structure in MQCONNX.
or
Using the client Channel Definition table -- Set the SSLCIPH while creating the Client Connection Channel. |
|
| Back to top |
|
|
| gopalsamant |
| Posted: Thu Sep 30, 2004 10:41 pm Post subject: |
|
|
Novice
Joined: 24 Sep 2004
Posts: 17
|
| Do you mean i should set SSLCipherSpec field with the value "DES-CBC3-MD5:DES-CBC3-SHA:RC4-MD5" where "DES-CBC3-MD5" is the SSLcipherspec set on server or should i just pass the remaing value in the setup. |
|
| Back to top |
|
|
| siliconfish |
| Posted: Thu Sep 30, 2004 10:56 pm Post subject: |
|
|
Master
Joined: 12 Aug 2002
Posts: 203
Location: USA
|
| SSLCipherSpec must be same on both client and server. What I meant is u can setup ssl at program level or at the infrastructure level. |
|
| Back to top |
|
|
|
|
