IBM MQ.NET managed client SSL and TLS support

The IBM® MQ.NET fully managed client provides Secure Sockets Layer (SSL) and Transport Layer Security (TLS) support that is based on the Microsoft.NET SSLStreams kit. This is different from the other IBM MQ clients, which are based on GSKit.

You can develop IBM MQ.NET applications to run in managed mode or unmanaged mode.

In managed mode, .NET applications work within the .NET CLR (Common Language Runtime) without any cross platform invocation such as invoking the C MQI.
In unmanaged mode, the C MQI is invoked for the underlying MQI operations. Basically, the unmanaged mode interface comprises the .NET wrapper classes on top of the C MQI.

The managed IBM MQ.NET client uses the Microsoft.NET Framework libraries to implement SSL and TLS secure socket protocols. The System.NET.Security.SSLStream class from Microsoft is used for implementing Security (SSL/TLS) in IBM MQ.NET.

The unmanaged IBM MQ.NET client mode already supports the SSL feature, which is based on C MQI (and GSKit). That is, the SSL operations are handled by the C MQI. In this case, GSKit implements the SSL and TLS secure socket protocols.

This image is described in the surrounding text. — Figure 1. IBM MQ.NET managed and unmanaged SSL/TLS comparison

The following table summarizes the differences between the managed and unmanaged implementations:

Table 1. Differences between managed and unmanaged implementations
Mode	Protocols	Implementation	Comments
IBM MQ.NET managed SSL	SSL TLS	System.NET.Security.SSLStream class SSLStream class operates as a stream over a connected TCP socket	SSL 3.0, TLS 1.0 TLS1.2 (with Microsoft.NET Framework v4.5 only)
IBM MQ.NET unmanaged SSL	SSL TLS	GSKIT and C-MQI	SSL and TLS secure socket protocols