ScenariosAdded by IBM on October 4, 2010 | Version 1 (Original)
|There are three primary scenarios for how to configure and use an SSL connection.
There are three primary scenarios for how to configure and use an SSL connection.
- Using server authentication
- Using mutual authentication
- Using no authentication at all
The term "authentication" relates specifically to the authentication of the client and server to establish an encrypted network connection. It should not be confused with the authentication feature of the micro broker, which is used to determine whether or not a particular client is who they claim to be and whether they are allowed to make use of a broker’s facilities, such as to publish or subscribe to topics. For more information on this type of authentication, refer to Configuring micro broker authentication
Server authentication: XPD621
This is where network traffic is encrypted. When a client connects to the server, the client verifies the server’s identity. When using this mode, a client can be sure that it is talking to a trusted server, but the server does not know the identity of the client.
Mutual authentication: XPD621
This is where network traffic is encrypted and is similar to server authentication. However, the server also authenticates the client’s identity, so that both parties know who they are communicating with.
Using no authentication at all: XPD621
This is where network traffic is encrypted, but no authentication is performed. This is easier to configure, but is vulnerable to “man in the middle” attacks, as neither the client or server knows the identity of the other party. This mode is inherently less secure than the other methods, and is not recommended for production use.
Parent topic: Configuring micro broker encryption: XPD621