MQIPT implementation of SSL/TLS

SSL 3.0 and TLS 1.0, 1.1, and 1.2 are implemented with Public Key Cryptography Standards (PKCS) #12 tokens stored in key ring files (with file types of .p12 or .pfx), containing X509.V3 certificates. MQIPT can also use cryptographic hardware key stores that support the PKCS#11 Cryptographic Token Interface standard.

MQIPT uses the IBM Java Secure Socket Extension (JSSE) package.

MQIPT can act as an SSL/TLS client or an SSL/TLS server depending on which end initiates the connection. The client starts a connection and the server accepts the connection request. It is possible for an MQIPT route to act both as a client and a server. In this case, using the SSL/TLS Proxy Mode feature typically gives better performance.

When MQIPT is configured for SSL/TLS Proxy Mode, it only forwards SSL/TLS data between the two end-points; it does not participate in the SSL/TLS handshake and does not require any digital certificates.

Each MQIPT route can be independently configured with its own set of SSL/TLS properties. See MQIPT route properties for more details.