WebSphere WebSphere Business Integration Message Service Clients for C/C++ Version 1.2.7 and .NET Version 1.2.6 Operating Systems: AIX, Linux, Solaris, Windows

Secure connections to a WebSphere MQ queue manager

To enable an XMS C, C++, or .NET application to make secure connections to a WebSphere MQ queue manager, the relevant properties must be defined in the ConnectionFactory object.

The protocol used in the encryption negotiation can be either Secure Sockets Layer (SSL) or Transport Layer Security (TLS), depending on which CipherSuite you specify in the ConnectionFactory object.

Each XMS process supports a maximum of one SSL connection. If you use XMS with the WebSphere MQ Version 5.3 client libraries, you cannot make any further SSL connections to WebSphere MQ during the lifetime of the process. If you use the WebSphere MQ Version 6 client libraries, you can create a new SSL connection provided that you close any previous SSL connection first. Multiple concurrent SSL connections from the same process, to the same or different queue managers, are not permitted. If you attempt more than one request, you get the warning MQRC_SSL_ALREADY_INITIALIZED, which might mean that some of the parameters requested for the SSL connection were ignored. XMS deliberately disallows multiple SSL connections for security reasons.
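Because the warning can mean that requested SSL parameters were silently ignored, an application can refuse a second SSL connection itself instead of relying on the warning. The following process-wide guard is an added example, not part of the XMS API or the original topic; the names ssl_gate and mq_client_level are hypothetical, and the application is assumed to call ssl_gate_acquire before creating an SSL connection and ssl_gate_release after closing it.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Client library levels the topic distinguishes (hypothetical names). */
typedef enum { MQ_CLIENT_V53, MQ_CLIENT_V6 } mq_client_level;

/* FREE: no SSL connection yet. IN_USE: one is open. SPENT: none may follow. */
enum { SLOT_FREE, SLOT_IN_USE, SLOT_SPENT };

typedef struct {
    mq_client_level level;
    atomic_int      state;   /* one slot per process, shared by all threads */
} ssl_gate;

void ssl_gate_init(ssl_gate *g, mq_client_level level) {
    g->level = level;
    atomic_init(&g->state, SLOT_FREE);
}

/* Call before creating an SSL connection. Returns false if the process
 * already holds (or, on V5.3, has ever held) an SSL connection. */
bool ssl_gate_acquire(ssl_gate *g) {
    int expected = SLOT_FREE;
    return atomic_compare_exchange_strong(&g->state, &expected, SLOT_IN_USE);
}

/* Call after the SSL connection is closed. With the V6 client libraries the
 * slot becomes reusable; with V5.3 it stays spent for the process lifetime. */
void ssl_gate_release(ssl_gate *g) {
    int expected = SLOT_IN_USE;
    int next = (g->level == MQ_CLIENT_V6) ? SLOT_FREE : SLOT_SPENT;
    atomic_compare_exchange_strong(&g->state, &expected, next);
}

int main(void) {
    ssl_gate g;
    ssl_gate_init(&g, MQ_CLIENT_V6);
    printf("first connection allowed:  %d\n", ssl_gate_acquire(&g));
    printf("concurrent second allowed: %d\n", ssl_gate_acquire(&g));
    ssl_gate_release(&g);    /* previous SSL connection closed */
    printf("after close allowed:       %d\n", ssl_gate_acquire(&g));
    return 0;
}
```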

The ConnectionFactory properties for SSL connections to a WebSphere MQ queue manager are shown, with a brief description of each, in the following table:

Table 1. Properties of ConnectionFactory for connections to a WebSphere MQ queue manager via SSL

| Name of property | Description |
|---|---|
| XMSC_WMQ_SSL_CERT_STORES | The locations of the servers that hold the certificate revocation lists (CRLs) to be used on an SSL connection to a queue manager. |
| XMSC_WMQ_SSL_CIPHER_SPEC | The name of the cipher spec to be used on a secure connection to a queue manager. |
| XMSC_WMQ_SSL_CIPHER_SUITE | The name of the CipherSuite to be used on an SSL or TLS connection to a queue manager. The protocol used in negotiating the secure connection depends on the specified CipherSuite. |
| XMSC_WMQ_SSL_CRYPTO_HW | Configuration details for the cryptographic hardware connected to the client system. |
| XMSC_WMQ_SSL_FIPS_REQUIRED | The value of this property determines whether an application can or cannot use non-FIPS compliant cipher suites. If this property is set to true, only FIPS algorithms are used for the client-server connection. |
| XMSC_WMQ_SSL_KEY_REPOSITORY | The location of the key database file in which keys and certificates are stored. |
| XMSC_WMQ_SSL_KEY_RESETCOUNT | The KeyResetCount represents the total number of unencrypted bytes sent and received within an SSL conversation before the secret key is renegotiated. |
| XMSC_WMQ_SSL_PEER_NAME | The peer name to be used on an SSL connection to a queue manager. |

Related reference
ConnectionFactory (for the C class)
ConnectionFactory (for the C++ class)
IConnectionFactory (for the .NET interface)
Properties of ConnectionFactory
Required properties for administered ConnectionFactory objects


Last updated: 18 Jun 2008

© Copyright IBM Corporation 2005, 2008. All Rights Reserved.