IBM MQ.NET managed client TLS support

The IBM® MQ.NET fully managed client provides Transport Layer Security (TLS) support that is based on the Microsoft.NET SSLStreams kit. This is different from the other IBM MQ clients, which are based on IBM Global Security Kit (GSKit).

You can develop IBM MQ.NET applications to run in managed mode or unmanaged mode.
  • In managed mode, .NET applications work within the .NET CLR (Common Language Runtime) without any cross platform invocation such as invoking the C MQI.
  • In unmanaged mode, the C MQI is invoked for the underlying MQI operations. Basically, the unmanaged mode interface comprises the .NET wrapper classes on top of the C MQI.

The managed IBM MQ.NET client uses the Microsoft.NET Framework libraries to implement TLS secure socket protocols. The System.NET.Security.SSLStream class from Microsoft is used for implementing Security (TLS) in IBM MQ.NET.

The unmanaged IBM MQ.NET client mode already supports the TLS feature, which is based on C MQI (and GSKit). That is, the TLS operations are handled by the C MQI. In this case, GSKit implements the TLS secure socket protocols.

Figure 1. IBM MQ.NET managed and unmanaged TLS comparison
This image is described in the surrounding text.

The following table summarizes the differences between the managed and unmanaged implementations:

Table 1. Differences between managed and unmanaged implementations
Mode Protocols Implementation Comments
IBM MQ.NET managed SSL

TLS

System.NET.Security.SSLStream class

SSLStream class operates as a stream over a connected TCP socket

TLS 1.0

TLS 1.2 (with Microsoft.NET Framework v4.5 only)

IBM MQ.NET unmanaged SSL

TLS

GSKIT and C-MQI TLS secure socket protocols