IBM MQ.NET managed client SSL and TLS support
The IBM® MQ.NET fully managed client provides Secure Sockets Layer (SSL) and Transport Layer Security (TLS) support that is based on the Microsoft.NET SSLStreams kit. This is different from the other IBM MQ clients, which are based on GSKit.
- In managed mode, .NET applications work within the .NET CLR (Common Language Runtime) without any cross platform invocation such as invoking the C MQI.
- In unmanaged mode, the C MQI is invoked for the underlying MQI operations. Basically, the unmanaged mode interface comprises the .NET wrapper classes on top of the C MQI.
The managed IBM MQ.NET client uses the Microsoft.NET Framework libraries to implement SSL and TLS secure socket protocols. The System.NET.Security.SSLStream class from Microsoft is used for implementing Security (SSL/TLS) in IBM MQ.NET.
The unmanaged IBM MQ.NET client mode already supports the SSL feature, which is based on C MQI (and GSKit). That is, the SSL operations are handled by the C MQI. In this case, GSKit implements the SSL and TLS secure socket protocols.
The following table summarizes the differences between the managed and unmanaged implementations:
Mode | Protocols | Implementation | Comments |
---|---|---|---|
IBM MQ.NET managed SSL |
SSL TLS |
System.NET.Security.SSLStream class SSLStream class operates as a stream over a connected TCP socket |
SSL 3.0, TLS 1.0 TLS1.2 (with Microsoft.NET Framework v4.5 only) |
IBM MQ.NET unmanaged SSL |
SSL TLS |
GSKIT and C-MQI | SSL and TLS secure socket protocols |