IBM MQ.NET managed client TLS support
The IBM® MQ.NET fully managed client provides Transport Layer Security (TLS) support that is based on the Microsoft.NET SSLStreams kit. This is different from the other IBM MQ clients, which are based on IBM Global Security Kit (GSKit).
- In managed mode, .NET applications work within the .NET CLR (Common Language Runtime) without any cross platform invocation such as invoking the C MQI.
- In unmanaged mode, the C MQI is invoked for the underlying MQI operations. Basically, the unmanaged mode interface comprises the .NET wrapper classes on top of the C MQI.
The managed IBM MQ.NET client uses the Microsoft.NET Framework libraries to implement TLS secure socket protocols. The System.NET.Security.SSLStream class from Microsoft is used for implementing Security (TLS) in IBM MQ.NET.
The unmanaged IBM MQ.NET client mode already supports the TLS feature, which is based on C MQI (and GSKit). That is, the TLS operations are handled by the C MQI. In this case, GSKit implements the TLS secure socket protocols.
The following table summarizes the differences between the managed and unmanaged implementations:
Mode | Protocols | Implementation | Comments |
---|---|---|---|
IBM MQ.NET managed SSL |
TLS |
System.NET.Security.SSLStream class SSLStream class operates as a stream over a connected TCP socket |
TLS 1.0 TLS 1.2 (with Microsoft.NET Framework v4.5 only) |
IBM MQ.NET unmanaged SSL |
TLS |
GSKIT and C-MQI | TLS secure socket protocols |