| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL - Authentication and Encryption |
« View previous topic :: View next topic » |
| Author |
Message
|
| jonny |
 Posted: Wed Nov 03, 2004 6:08 am Post subject: SSL - Authentication and Encryption |
 |
|
Acolyte
Joined: 03 Jul 2003
Posts: 57
|
Hi,
If I want to use SSL just for channel authentication, and I don't want messages to encrypted over the channel, what CipherSpec should I use?
Would NULL_MD5 and NULL_SHA b e the answer?
Thanks |
|
| Back to top |
|
 |
| bbburson |
| Posted: Wed Nov 03, 2004 8:19 am Post subject: Re: SSL - Authentication and Encryption |
|
|
Partisan
Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
|
| jonny wrote: |
| Would NULL_MD5 and NULL_SHA b e the answer? |
Yep |
|
| Back to top |
|
|
| jonny |
| Posted: Thu Nov 04, 2004 8:16 am Post subject: |
|
|
Acolyte
Joined: 03 Jul 2003
Posts: 57
|
|
| Back to top |
|
|
| cloud9 |
| Posted: Thu Dec 16, 2004 6:40 am Post subject: |
|
|
Novice
Joined: 18 Jul 2003
Posts: 13
Location: Jacksonville, FL
|
| I have the same need, so this post is very helpful. However, I am wondering if using NULL_MD5 or NULL_SHA would compromise the actual MQClient authentication process during the channel connect SSL handshake. Anybody know ?? |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Dec 16, 2004 9:49 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
I don't exactly know how what you described can be called authentication. If on a MQ Client box you setup a connection with NULL_MD5 and NULL_SHA then I can copy that key store (key.sto) file to 25 other MQ Client boxes and they will all successfully connect.
How exactly did you obtain authentication?
Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| cloud9 |
| Posted: Mon Dec 20, 2004 7:10 am Post subject: |
|
|
Novice
Joined: 18 Jul 2003
Posts: 13
Location: Jacksonville, FL
|
| I believe he is authenticating with the certificates. If you are able to steal his certs to install on another system, then you must have already compromised the security on one of his systems. But, if he keeps his key store secure, then his authentication process should be secure. The only way you might steal and copy his cert is by eaves dropping on his network, and this part I'm not sure of .... is the cert encrypted before transmission over the net when you set CipherSpec to NULL_MD5 or NULL_SHA ??? That is what I mean by asking, if this compromises the authentication process. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
