WebSphere WebSphere Business Integration Message Service Clients for C/C++ Version 1.2.7 and .NET Version 1.2.6 Operating Systems: AIX, Linux, Solaris, Windows

Secure connections to a WebSphere service integration bus messaging engine

To enable an XMS C/C++ application to make secure connections to a WebSphere service integration bus messaging engine, the relevant properties must be defined in the ConnectionFactory object.

XMS provides SSL and HTTPS support for connections to a WebSphere service integration bus. SSL and HTTPS provide secure connections for authentication and confidentiality.

Like WebSphere security, XMS security is configured with respect to JSSE security standards and naming conventions, which include the use of CipherSuites to specify the algorithms that are used when negotiating a secure connection. The protocol used in the encryption negotiation can be either SSL or TLS, depending on which CipherSuite you specify in the ConnectionFactory object.

The security capabilities for XMS C/C++ application are provided by IBM's standard security enablement component, Global Security Kit (GSKit). XMS configures the relevant GSKit options by means of properties set on the XMS ConnectionFactory object. These properties must be specified regardless of whether the ConnectionFactory object is an administered object.

Table 1 lists the properties that must be defined in the ConnectionFactory object.

Table 1. Properties of ConnectionFactory for secure connections to a WebSphere service integration bus messaging engine
Name of property Description
XMSC_WPM_SSL_CIPHER_SUITE The name of the CipherSuite to be used on an SSL or TLS connection to a WebSphere service integration bus messaging engine. The protocol used in negotiating the secure connection depends on the specified CipherSuite.
XMSC_WPM_SSL_KEY_REPOSITORY A path to the file that is the keyring file containing the public or private keys to be used in the secure connection.
XMSC_WPM_SSL_KEYRING_LABEL The certificate to be used when authenticating with the server.
XMSC_WPM_SSL_KEYRING_PW The password for the keyring file.
XMSC_WPM_SSL_KEYRING_STASH_FILE The name of a binary file containing the password of the key repository file.
XMSC_WPM_SSL_FIPS_REQUIRED The value of this property determines whether an application can or cannot use non-FIPS compliant cipher suites. If this property is set to true, only FIPS algorithms are used for the client-server connection.
Note: You must specify the XMSC_WPM_SSL_CIPHER_SUITE properties for all applications, and the XMSC_WPM_SSL_KEY_REPOSITORY properties for C/C++ applications only. You can specify all the other properties listed in the table according to requirements.
Related reference
ConnectionFactory (for the C class)
ConnectionFactory (for the C++ class)
IConnectionFactory (for the .NET interface)
Properties of ConnectionFactory
Required properties for administered ConnectionFactory objects

Concept topic

Terms of Use | Rate this page

Last updated: 18 Jun 2008

© Copyright IBM Corporation 2005, 2008. All Rights Reserved.