SSL protocol support for the managed .NET client

IBM® MQ.NET SSL support is based on the .NET SSLStream class.

Note: SSL protocol support for the managed .NET client depends on the .NET Framework level that the application is using. For more information, see SSL and TLS support for the managed .NET client.

For the Microsoft.NET SSLStream class to initialize SSL and perform a hand-shake with the queue manager, one of the required parameters that you must set is SSLProtocol, where you must specify the SSL or TLS version number, which must be one of the following values:

SSL3.0
TLS1.0
TLS1.2

The value of this parameter is tightly coupled with the Protocol family to which the preferred CipherSpec belongs. When SSLStream starts an SSL handshake with the server (queue manager), it uses the SSL or TLS version specified in SSLProtocol to identify list of CipherSpecs to be used for negotiation.

IBM MQ.NET does not make any properties available for applications to use to set this value. Instead, IBM MQ uses a mapping table to internally map the CipherSpec set to the Protocol family and identifies the SSLProtocol version to be used. This table shows the mapping each of the supported CipherSpec between Microsoft.NET and IBM MQ, and the Protocol version to which they belong. For more information, see CipherSpec mappings for the managed .NET client.