TLS protocol support for the managed .NET client

IBM MQ .NET TLS support is based on the .NET SSLStream class.

Note: TLS protocol support for the managed .NET client depends on the .NET Framework level that the application is using. For more information, see TLS support for the managed .NET client.

For the Microsoft .NET SSLStream class to initialize TLS and perform a handshake with the queue manager, one of the required parameters is SSLProtocol, which specifies the TLS version number and must be one of the following values:

  • SSL3.0
  • TLS1.0
  • TLS1.2

The value of this parameter is tightly coupled with the protocol family to which the preferred CipherSpec belongs. When SSLStream starts a TLS handshake with the server (queue manager), it uses the TLS version specified in SSLProtocol to identify the list of CipherSpecs to be used for negotiation.

IBM MQ .NET does not make any properties available for applications to set this value. Instead, IBM MQ uses a mapping table to internally map the configured CipherSpec to its protocol family and so identify the SSLProtocol version to be used. This table shows the mapping of each supported CipherSpec between Microsoft .NET and IBM MQ, and the protocol version to which each belongs. For more information, see CipherSpec mappings for the managed .NET client.
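The lookup described above can be sketched as follows. This is an added example, not IBM MQ's internal code: the class and method names are hypothetical, the four-entry table is an illustrative subset to be checked against the CipherSpec mappings topic, and the host and port are supplied by the caller. The resolved value is passed as the `enabledSslProtocols` argument of `SslStream.AuthenticateAsClient`, so the handshake is offered at exactly one protocol version.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

#pragma warning disable CS0618, SYSLIB0039 // legacy values referenced only to show the mapping

static class CipherSpecProtocolDemo
{
    // Illustrative subset (assumption); the authoritative table is in
    // "CipherSpec mappings for the managed .NET client".
    static readonly Dictionary<string, SslProtocols> ProtocolFamily =
        new Dictionary<string, SslProtocols>(StringComparer.OrdinalIgnoreCase)
    {
        { "TLS_RSA_WITH_AES_128_CBC_SHA256", SslProtocols.Tls12 },
        { "TLS_RSA_WITH_AES_256_CBC_SHA256", SslProtocols.Tls12 },
        { "TLS_RSA_WITH_AES_128_CBC_SHA",    SslProtocols.Tls   }, // TLS 1.0
        { "TLS_RSA_WITH_3DES_EDE_CBC_SHA",   SslProtocols.Tls   }, // TLS 1.0
    };

    // Resolve the single protocol version that SslStream will be asked to use.
    // An unknown CipherSpec is rejected rather than given a default version.
    static SslProtocols Resolve(string cipherSpec)
    {
        if (!ProtocolFamily.TryGetValue(cipherSpec, out var protocol))
            throw new ArgumentException("No mapping for CipherSpec " + cipherSpec);
        return protocol;
    }

    // Handshake with exactly the resolved version and report what was negotiated.
    static SslProtocols Handshake(string host, int port, string cipherSpec)
    {
        var wanted = Resolve(cipherSpec);
        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false))
        {
            tls.AuthenticateAsClient(host, new X509CertificateCollection(), wanted, true);
            return tls.SslProtocol; // negotiated version, useful for audit logging
        }
    }

    static void Main(string[] args)
    {
        foreach (var spec in ProtocolFamily.Keys)
            Console.WriteLine("{0,-34} -> {1}", spec, Resolve(spec));
        if (args.Length == 3) // usage: <host> <port> <CipherSpec>
            Console.WriteLine("Negotiated: " + Handshake(args[0], int.Parse(args[1]), args[2]));
    }
}
```

Run without arguments, it prints the table; with a host, port and CipherSpec it also reports the protocol version the endpoint actually negotiated.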
