ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » SSL - Authentication and Encryption

Post new topic  Reply to topic
 SSL - Authentication and Encryption « View previous topic :: View next topic » 
Author Message
jonny
PostPosted: Wed Nov 03, 2004 6:08 am    Post subject: SSL - Authentication and Encryption Reply with quote

Acolyte

Joined: 03 Jul 2003
Posts: 57

Hi,

If I want to use SSL just for channel authentication, and I don't want messages to encrypted over the channel, what CipherSpec should I use?

Would NULL_MD5 and NULL_SHA b e the answer?

Thanks
Back to top
View user's profile Send private message
bbburson
PostPosted: Wed Nov 03, 2004 8:19 am    Post subject: Re: SSL - Authentication and Encryption Reply with quote

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager

jonny wrote:
Would NULL_MD5 and NULL_SHA b e the answer?


Yep
Back to top
View user's profile Send private message
jonny
PostPosted: Thu Nov 04, 2004 8:16 am    Post subject: Reply with quote

Acolyte

Joined: 03 Jul 2003
Posts: 57

Thanks
Back to top
View user's profile Send private message
cloud9
PostPosted: Thu Dec 16, 2004 6:40 am    Post subject: Reply with quote

Novice

Joined: 18 Jul 2003
Posts: 13
Location: Jacksonville, FL

I have the same need, so this post is very helpful. However, I am wondering if using NULL_MD5 or NULL_SHA would compromise the actual MQClient authentication process during the channel connect SSL handshake. Anybody know ??
Back to top
View user's profile Send private message Send e-mail
RogerLacroix
PostPosted: Thu Dec 16, 2004 9:49 am    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

Hi,

I don't exactly know how what you described can be called authentication. If on a MQ Client box you setup a connection with NULL_MD5 and NULL_SHA then I can copy that key store (key.sto) file to 25 other MQ Client boxes and they will all successfully connect.

How exactly did you obtain authentication?

Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
cloud9
PostPosted: Mon Dec 20, 2004 7:10 am    Post subject: Reply with quote

Novice

Joined: 18 Jul 2003
Posts: 13
Location: Jacksonville, FL

I believe he is authenticating with the certificates. If you are able to steal his certs to install on another system, then you must have already compromised the security on one of his systems. But, if he keeps his key store secure, then his authentication process should be secure. The only way you might steal and copy his cert is by eaves dropping on his network, and this part I'm not sure of .... is the cert encrypted before transmission over the net when you set CipherSpec to NULL_MD5 or NULL_SHA ??? That is what I mean by asking, if this compromises the authentication process.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » SSL - Authentication and Encryption
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.