VA -> MQ over SSL

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

VA -> MQ over SSL

Wayne Johnston
I believe it is possible to set up MQ channels so that applications connecting to MQ must use SSL (TLS).  For instance, from a Java app: https://lahirumadushankablog.wordpress.com/2018/04/25/connecting-to-ibm-mq-via-java-ssl-client/


Can VA Smalltalk do this?  I assume the answer is one of these:
1. Of course it can be done.
2. Perhaps it can be done, but nobody has tried it.
3. Of course it cannot be done with current VA code.

If #1 or #2, I'd appreciate a hint of how to try it.  :-)  For instance I am guessing I'd need PEM certificate files and somehow use the same SstSsl* & SciSsl* code as done for HTTPS?

If #3, might this be included in the "MQ Series Enhancements" hint on the VA roadmap?

The old "Writing MQSeries applications for VA Smalltalk Server" thread mentioned sslPeerName which is one of the attributes you'd need when connecting, but that thread did not address SSL.

--
You received this message because you are subscribed to the Google Groups "VA Smalltalk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/va-smalltalk.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: VA -> MQ over SSL

Seth Berman
Hi Wayne,

We have customers using MQ connections with SSL.
The current binding level in VA does not support it but we have helped to provide the appropriate
binding extensions to get folks going and they verified that it works.
We can't help you setup the queues and server side settings, but we can provide you the client binding extensions that will
enable SSL.
Please send in a support case if you are interested in this.

For the future, yes, MQ enhancements will mean bringing the binding level up which, by extension, will
bring in official support for SSL

-- Seth

On Tuesday, October 30, 2018 at 10:57:25 AM UTC-4, Wayne Johnston wrote:
I believe it is possible to set up MQ channels so that applications connecting to MQ must use SSL (TLS).  For instance, from a Java app: <a href="https://lahirumadushankablog.wordpress.com/2018/04/25/connecting-to-ibm-mq-via-java-ssl-client/" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Flahirumadushankablog.wordpress.com%2F2018%2F04%2F25%2Fconnecting-to-ibm-mq-via-java-ssl-client%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH_kyJ_rlXiWd-psmnBCuM1spUbsA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Flahirumadushankablog.wordpress.com%2F2018%2F04%2F25%2Fconnecting-to-ibm-mq-via-java-ssl-client%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH_kyJ_rlXiWd-psmnBCuM1spUbsA&#39;;return true;">https://lahirumadushankablog.wordpress.com/2018/04/25/connecting-to-ibm-mq-via-java-ssl-client/


Can VA Smalltalk do this?  I assume the answer is one of these:
1. Of course it can be done.
2. Perhaps it can be done, but nobody has tried it.
3. Of course it cannot be done with current VA code.

If #1 or #2, I'd appreciate a hint of how to try it.  :-)  For instance I am guessing I'd need PEM certificate files and somehow use the same SstSsl* & SciSsl* code as done for HTTPS?

If #3, might this be included in the "MQ Series Enhancements" hint on the VA roadmap?

The old "Writing MQSeries applications for VA Smalltalk Server" thread mentioned sslPeerName which is one of the attributes you'd need when connecting, but that thread did not address SSL.

--
You received this message because you are subscribed to the Google Groups "VA Smalltalk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/va-smalltalk.
For more options, visit https://groups.google.com/d/optout.