[TIBCO.EMS .NET client library 6.3 documentation]

SSL-specific class that provides the methods, definitions and other miscellaneous constants used to set SSL parameters that apply across all connections.

Namespace:  TIBCO.EMS
Assembly:  TIBCO.EMS (in TIBCO.EMS.dll)

Syntax

C#: public class EMSSSL
Visual Basic: Public Class EMSSSL
Visual C++: public ref class EMSSSL

Remarks

Normally a client application obtains its SSL setup as part of the ConnectionFactory definition, and the ConnectionFactory is usually obtained by the client application via JNDI lookup calls. However, in some cases it may be more convenient, or required, to define SSL parameters locally in the client rather than receive them as the result of a JNDI lookup operation. This may be necessary, for example, due to security considerations when the JNDI lookup operation cannot be performed securely over the SSL protocol. It may also be required or convenient to set SSL parameters globally so that they apply to all connections. This class supports these cases.

An EMS client communicates with the server via the SSL protocol when the server URL provided to the ConnectionFactory is specified in the form ssl://host:port.

When the connection between the client and the server is an SSL connection, both the server and the client application must set parameters for the SSL handshake to succeed. The server parameters are set by the administrator. Each client application is responsible for setting its SSL parameters correctly in order to establish an SSL connection to the server.

Setting up SSL parameters by the client can be done in one of three ways:

  • All SSL parameters are specified in the ConnectionFactory, and that factory is obtained by the client via a JNDI lookup call. Note that this does not address the issue of making JNDI lookup calls over an SSL connection.
  • SSL parameters are set globally via calls to this class. When a ConnectionFactory is using a URL specifying 'ssl' protocol but does not specify any other SSL parameters, the SSL parameters set via calls to the methods of this class will be used.
  • A client application can create a Map of SSL parameters and pass it directly into the constructor of TopicConnectionFactory or QueueConnectionFactory.

SSL Parameters.

A client has to choose the certificate store it is going to work with before setting the SSL parameters. The EMS .NET client supports two different certificate stores, and each store has a different API. See EMSSSLFileStoreInfo and EMSSSLSystemStoreInfo for more information on the store-specific APIs.

Cipher Suites.

Since the .NET Framework does not allow the ciphers to be specified from the client side, the EMS .NET API likewise has no provision for specifying the ciphers.

General Setup

When an EMS .NET client establishes an SSL connection to the EMS server, it should at the very least specify the TARGET_HOST_NAME parameter; this is a required parameter for the SSLStream. The client then has to specify one of the certificate store types, EMSSSL_STORE_TYPE_FILE or EMSSSL_STORE_TYPE_SYSTEM, along with the STORE_INFO object. The store info has all the required information:

  • In case of the system store, the store info has information about the location of the store, the store name and the certificate name to look for in the store.
  • In case of the file store, the store info has information about the client identity, the password for the private key and any optional trusted certs.

The client can set a host name verifier callback that will be called during the SSL handshake. The client can perform any specific validations in this callback: returning false causes the SSL handshake to terminate, and returning true allows the SSL handshake to proceed.

If the client is interested in authentication only, it needs to call SetAuthOnly(Boolean) with a true flag. The normal behavior is to perform authentication and then encrypt all data that is sent and decrypt all data that is received. Setting auth only to true on both the client and the server causes the client to perform authentication only and then switch over to a TCP connection, for better performance at the expense of data security.
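The general setup described above, as an added example (not code from the TIBCO documentation): a file store, a target host name and a host name verifier are set globally through EMSSSL before any connection is created. The host name, port, file paths and class name are constructed placeholders, and the EMSSSLFileStoreInfo setters and the EMSSSLHostNameVerifierArgs field names are taken from the EMS .NET API rather than from this page, so check them against your library version.

```csharp
using System;
using TIBCO.EMS;

public static class EmsGlobalSslSetup
{
    // Constructed sample values; replace with your own environment's.
    const string ServerUrl    = "ssl://ems.example.com:7243";
    const string ExpectedHost = "ems.example.com";

    public static Connection Connect(char[] keyPassword)
    {
        // File store: client identity, private-key password, trusted certs.
        EMSSSLFileStoreInfo storeInfo = new EMSSSLFileStoreInfo();
        storeInfo.SetSSLClientIdentity(@"C:\certs\client_identity.p12");   // placeholder path
        storeInfo.SetSSLPassword(keyPassword);
        storeInfo.SetSSLTrustedCertificate(@"C:\certs\server_root.pem");   // placeholder path

        // Global parameters: used by any factory whose URL says ssl://
        // but which carries no SSL parameters of its own.
        EMSSSL.SetTargetHostName(ExpectedHost);
        EMSSSL.SetCertificateStoreType(EMSSSLStoreType.EMSSSL_STORE_TYPE_FILE, storeInfo);
        EMSSSL.SetHostNameVerifier(new EMSSSLHostNameVerifier(VerifyHost));

        // SetAuthOnly(true) is deliberately not called, so traffic stays
        // encrypted after the handshake.

        ConnectionFactory factory = new ConnectionFactory(ServerUrl);
        return factory.CreateConnection();
    }

    // Fails closed: any missing or mismatching name terminates the handshake.
    // Assumption: m_certificateCommonName holds the bare CN of the server cert.
    static bool VerifyHost(object source, EMSSSLHostNameVerifierArgs args)
    {
        string cn = args.m_certificateCommonName;
        bool ok = !string.IsNullOrEmpty(cn)
               && string.Equals(cn, args.m_targetHostName,
                                StringComparison.OrdinalIgnoreCase);
        if (!ok)
            Console.Error.WriteLine("EMS SSL: certificate name '{0}' does not match '{1}'",
                                    cn, args.m_targetHostName);
        return ok;
    }
}
```

Because these settings are global, they must be applied before the first ssl:// connection is created and they affect every factory in the process that does not supply its own SSL parameters.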

Inheritance Hierarchy

System.Object
  TIBCO.EMS.EMSSSL
