| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Enable AES 256-bit encryption between IBM and Sun Java |
« View previous topic :: View next topic » |
| Author |
Message
|
| acNick |
 Posted: Sun Jan 27, 2008 8:34 pm Post subject: Enable AES 256-bit encryption between IBM and Sun Java |
 |
|
Newbie
Joined: 10 Oct 2007
Posts: 5
|
I have a project that has already implemented a 3-DES encrypted SSL connection between an MQ Server and Oracle Application Server. Now we wish to increase the encryption level to TLS AES 256. I have seen a number of articles that indicate this is not possible, but those articles have all references MQ 5.3.
Here is the current environment:
1 Server with MQ Server 6.0 on RHEL AS 4 Update 4 using IBM Java (included with MQ Server)
1 Server with Oracle Application Server 10.1.3.2 on RHEL AS 4 Update 4 using Sun Java 1.5.0_14.
I have installed the MQ Client software on the server with Oracle installed and using the IBM Java been able to connect to the MQ server with AES 256. However, Sun Java has failed to make that same connection. I have implemented the JCE in Sun as well.
I realize this is an MQ website, but I was hoping that someone may have encountered a similar situation and discovered a solution. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Jan 28, 2008 3:28 am Post subject: Re: Enable AES 256-bit encryption between IBM and Sun Java |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| acNick wrote: |
| I have implemented the JCE in Sun as well. |
Can you be a little more specific? I thought that since Sun JRE 1.4 there was no need to install an additional JCE unless the specific crypto libraries you needed were not in the standard. I believe in version 1.5 the AES would be in the standard.
Are you by any chance trying something between the US and a foreign country? Remember cryptographic algorithm strengths are different for export...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| acNick |
| Posted: Mon Jan 28, 2008 8:33 am Post subject: |
|
|
Newbie
Joined: 10 Oct 2007
Posts: 5
|
The AES crypto libraries are provided in Sun 1.5, but they are not enabled by default. The Sun website specifies that to enable TLS and AES encryption, the JCE policies that provide "unlimited strength jurisdiction" must also be installed. This is simply two policy JAR files that replace two files files provided by default. It sounds silly, at least to me, for this to prevent the use of AES but that is what Sun indicated would be required to implement.
All servers are hosted within the US. |
|
| Back to top |
|
|
| acNick |
| Posted: Mon Jan 28, 2008 9:47 am Post subject: |
|
|
Newbie
Joined: 10 Oct 2007
Posts: 5
|
One more nugget of information.... the TLS encryption has to support FIPS 140-2 (U.S. N.I.S.T. requirement). 
This could likely be part of the problem I am having, as I understand that Sun Java 1.5 is not FIPS compliant, but there are not details (that I have found on the web) that indicate how to make Sun Java FIPS compliant. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
