ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportIIB 10 Toolkit ad TLS Hostname checking

Post new topicReply to topic
IIB 10 Toolkit ad TLS Hostname checking View previous topic :: View next topic
Author Message
PeterPotkay
PostPosted: Mon Oct 21, 2019 3:32 pm Post subject: IIB 10 Toolkit ad TLS Hostname checking Reply with quote

Poobah

Joined: 15 May 2001
Posts: 7582

Is there a way to tell the IIB Toolkit to enforce hostname checking on the TLS handshake with the Integration Node?

Our testing indicates that if the Toolkit's truststore has the Certificate Authority's root and intermediate certs the Toolkit will accept any valid cert signed by that CA even if the cert's SAN field does not have the hostname the Toolkit used to get to that Integration Node.
_________________
Peter Potkay
Keep Calm and MQ On
Back to top
View user's profile Send private message
PeterPotkay
PostPosted: Thu Oct 24, 2019 11:12 am Post subject: Reply with quote

Poobah

Joined: 15 May 2001
Posts: 7582

The results of my Case with IBM on this topic:

Quote:

Currently our toolkit connection which is completely based on Eclipse toolkit does not unfortunately provide hostname checking feature.

You may try third-party plugin if one is available for eclipse. If you want to see this feature in future releases of the product, please open RFE


Please vote for my RFE if you would like the IIB Toolkit to do TLS hostname checking.
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=137585
_________________
Peter Potkay
Keep Calm and MQ On
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportIIB 10 Toolkit ad TLS Hostname checking
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.