Coordinating NSS Initialization

If your application uses NSS directly, other than to support Message Queue secure communication, you need to coordinate NSS initialization with the Message Queue C-API library. There are two cases to consider:

• Your application does not use secure Message Queue connections.

  In this case, you should do your application’s NSS initialization before calling MQCreateConnection to create any connection to the Message Queue broker.

• Your application does use secure Message Queue connections.

  In this case, you should follow the procedure outlined below before calling MQCreateConnection to create any Message Queue connection.

To Coordinate NSS Initialization

1. Call the function MQInitializeSSL. (You must specify the path to the directory containing the NSS files as the certdbpath parameter to this function.)

   Your application’s use of NSS must specify the same certdbpath value for the location of its NSS files. (That is, the certificates needed by your application must be located in the same directory as the certificates needed by Message Queue.)

   Internally, the function MQInitializeSSL does the following:

   • Calls the function NSS_Init(certdbpath).

   • Sets DOMESTIC cipher policy using the function NSS_SetDomesticPolicy().

   • Enables all cipher suites, including RSA_NULL_MD5 by calling the function SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE) .

   • Calls the function SSL_ClearSessionCache().

2. If your application needs different cipher suite settings, after you call the MQInitializeSSL() function, you can modify the cipher suites by calling the function SSL_CipherPrefSetDefault. However, note that these changes will affect your secure connection to the Message Queue broker as well.