SSL properties

Refer to the Interface Repository documentation at http://hostname:portnumber/ir/CtsSecurity__SSLSessionInfo.html#JaguarSecuritySSLProperties for a description of the ORB and SSLServiceProvider properties that govern the use of SSL, where hostname is the host on which EAServer is running and portnumber is the HTTP listener port number (8000, for example). In addition, you must connect to a server address that supports your chosen level of security, as described in “Secure server addresses”.

If a property that the SSL handshake requires is not set, or is set to an invalid value, the ORB invokes an SSL callback method to obtain it. If you have not installed your own SSL callback, the default callback implementation aborts the connection attempt, so a misconfigured client fails rather than connecting with settings you did not intend.

Choosing a security characteristic

To use SSL, you must specify a value for the qop property, either in the ORB properties or through the SSLServiceProvider interface. The value is the name of an available security characteristic. A characteristic defines the CipherSuites the client offers when negotiating an SSL connection: the client sends its list of CipherSuites to the server, and the server selects the first cipher suite in that list that it can use. Because the server takes the first usable entry, the order of the list in the characteristic decides which suite is negotiated when more than one would be acceptable. If the server cannot use any of the offered CipherSuites, the connection fails.

“Configuring security profiles” describes the security characteristics that are provided with EAServer. At runtime, you can retrieve the list of characteristics and their descriptions by reading the availableQop and availableQopDesc properties.

Set the qop property to sybpks_none to prevent any use of SSL on a connection. This setting is useful when you have set qop globally for all ORBs through the SSLServiceProvider interface and want to override it for one ORB instance.
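The following Java client is an added example and is not code from the EAServer documentation. It sets qop through the ORB properties, reads availableQop and availableQopDesc through the SSLServiceProvider interface, refuses to continue if the requested characteristic is not available, and then shows the global-setting-plus-per-ORB-override pattern with sybpks_none. The ORB class name com.sybase.CORBA.ORB, the property name com.sybase.CORBA.qop, the initial reference name "SSLServiceProvider", the helper class CtsSecurity.SSLServiceProviderHelper, the method signatures getGlobalProperty(String) returning String[] and setGlobalProperty(String, String), and the characteristic name sybpks_strong are assumptions; check them against the Interface Repository page for your server.

```java
import java.util.Properties;
import org.omg.CORBA.ORB;
import CtsSecurity.SSLServiceProvider;
import CtsSecurity.SSLServiceProviderHelper;

// Added example, not EAServer documentation code. Assumed: ORB class
// com.sybase.CORBA.ORB, ORB property com.sybase.CORBA.qop, initial reference
// "SSLServiceProvider", and getGlobalProperty(String) -> String[] /
// setGlobalProperty(String, String) on CtsSecurity.SSLServiceProvider.
public class QopSetup {

    // Resolve the SSLServiceProvider object from an ORB (reference name assumed).
    static SSLServiceProvider sslProvider(ORB orb) throws Exception {
        org.omg.CORBA.Object obj = orb.resolve_initial_references("SSLServiceProvider");
        return SSLServiceProviderHelper.narrow(obj);
    }

    // True if `wanted` is one of the characteristics listed in availableQop.
    static boolean isAvailable(SSLServiceProvider ssp, String wanted) {
        String[] names = ssp.getGlobalProperty("availableQop");
        for (String n : names) {
            if (n.equals(wanted)) return true;
        }
        return false;
    }

    // Build an ORB with qop set per instance through the ORB properties.
    static ORB orbWithQop(String[] args, String qop) {
        Properties props = new Properties();
        props.put("org.omg.CORBA.ORBClass", "com.sybase.CORBA.ORB");
        props.put("com.sybase.CORBA.qop", qop);
        return ORB.init(args, props);
    }

    public static void main(String[] args) throws Exception {
        // "sybpks_strong" is a placeholder; use a name from availableQop.
        String wanted = args.length > 0 ? args[0] : "sybpks_strong";

        ORB orb = orbWithQop(args, wanted);
        SSLServiceProvider ssp = sslProvider(orb);

        // List what this client can negotiate, with the descriptions.
        String[] names = ssp.getGlobalProperty("availableQop");
        String[] descs = ssp.getGlobalProperty("availableQopDesc");
        for (int i = 0; i < names.length; i++) {
            String desc = i < descs.length ? descs[i] : "";
            System.out.println(names[i] + ": " + desc);
        }

        // A characteristic the client does not have cannot be negotiated, so
        // stop here instead of letting the handshake fail later.
        if (!isAvailable(ssp, wanted)) {
            throw new IllegalStateException("qop '" + wanted + "' is not available");
        }

        // Global form: every ORB created in this process uses `wanted`...
        ssp.setGlobalProperty("qop", wanted);

        // ...except this one, which overrides the global setting with
        // sybpks_none and therefore never uses SSL.
        ORB plainOrb = orbWithQop(args, "sybpks_none");
        System.out.println("plain ORB ready: " + (plainOrb != null));
    }
}
```

The availability check is the part worth keeping in production code: the qop value is a plain string, and a typo or a characteristic that was removed from the client's security profiles only shows up as a failed or aborted connection at runtime.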

Secure server addresses

The client ORB connects only to a server listener whose level of security is equal to or greater than the level requested by the qop setting. If you use the CosNaming or JNDI interfaces to instantiate proxies, the name service URL must not specify a server address that uses a higher level of security than the qop property requests. For example, with the typical port configuration, you can specify port 9000 (no SSL) in the name service URL when the qop specifies mutual authentication, but you cannot specify port 9002 (mutual authentication) in the name service URL when the qop requests only server authentication. When you use ORB.string_to_object to instantiate a SessionManager::Manager proxy, the listener named by the server address must use a security profile that matches the client’s qop setting.
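The example below is added here and is not code from the EAServer documentation. It encodes the two rules above as checks that run before the ORB is initialized: a name service URL may point at a listener at or below the qop level, and an address passed to ORB.string_to_object must point at a listener whose profile matches the qop level. Ports 9000 (no SSL) and 9002 (mutual authentication) come from the text; port 9001 as the server-authentication listener, the host name eas-host, the property names com.sybase.CORBA.qop and com.sybase.CORBA.NameServiceURL, the ORB class com.sybase.CORBA.ORB, and the characteristic name sybpks_strong_mutual_auth are assumptions that must be checked against your server's listener configuration and availableQop list.

```java
import java.util.Properties;
import org.omg.CORBA.ORB;
import SessionManager.Manager;
import SessionManager.ManagerHelper;

// Added example, not EAServer documentation code. Assumed: ORB class
// com.sybase.CORBA.ORB, ORB properties com.sybase.CORBA.qop and
// com.sybase.CORBA.NameServiceURL, host "eas-host", port 9001 as the
// server-auth listener, and the characteristic name sybpks_strong_mutual_auth.
public class SecureAddress {

    /** Security level of a listener or of a qop characteristic, lowest first. */
    enum Level { NONE, SERVER_AUTH, MUTUAL_AUTH }

    /** CosNaming/JNDI: the listener in the name service URL may be at or
     *  below the qop level, never above it. */
    static boolean nameServiceUrlOk(Level listener, Level qop) {
        return listener.ordinal() <= qop.ordinal();
    }

    /** ORB.string_to_object: the listener's profile must match the qop level. */
    static boolean directAddressOk(Level listener, Level qop) {
        return listener == qop;
    }

    /** Typical port layout: 9000 and 9002 from the text, 9001 assumed. */
    static Level listenerLevel(int port) {
        switch (port) {
            case 9000: return Level.NONE;
            case 9001: return Level.SERVER_AUTH;
            case 9002: return Level.MUTUAL_AUTH;
            default: throw new IllegalArgumentException("unknown listener port " + port);
        }
    }

    static ORB initOrb(String[] args, String qopName, String nameServiceUrl) {
        Properties p = new Properties();
        p.put("org.omg.CORBA.ORBClass", "com.sybase.CORBA.ORB");
        p.put("com.sybase.CORBA.qop", qopName);
        if (nameServiceUrl != null) {
            p.put("com.sybase.CORBA.NameServiceURL", nameServiceUrl);
        }
        return ORB.init(args, p);
    }

    public static void main(String[] args) {
        String host = "eas-host";
        Level qop = Level.MUTUAL_AUTH;
        String qopName = "sybpks_strong_mutual_auth"; // placeholder name

        // Case 1: mutual-auth qop with a plain (9000) name service URL: allowed.
        int nsPort = 9000;
        if (!nameServiceUrlOk(listenerLevel(nsPort), qop)) {
            throw new IllegalStateException("name service port exceeds qop level");
        }
        ORB orb1 = initOrb(args, qopName, "iiop://" + host + ":" + nsPort);
        // Resolve proxies through CosNaming or JNDI against orb1; component
        // calls then go to a listener at or above the qop level.
        System.out.println("name-service ORB ready: " + (orb1 != null));

        // Case 2: string_to_object must name a listener matching the qop,
        // so a mutual-auth qop pairs with port 9002.
        int directPort = 9002;
        if (!directAddressOk(listenerLevel(directPort), qop)) {
            throw new IllegalStateException("listener profile does not match qop");
        }
        ORB orb2 = initOrb(args, qopName, null);
        Manager mgr = ManagerHelper.narrow(
            orb2.string_to_object("iiop://" + host + ":" + directPort));
        // mgr.createSession(user, password) follows, as in the CORBA Java Clients chapter.
        System.out.println("manager proxy ready: " + (mgr != null));

        // Rejected combination from the text: port 9002 in the name service
        // URL while qop asks only for server authentication.
        if (nameServiceUrlOk(listenerLevel(9002), Level.SERVER_AUTH)) {
            throw new AssertionError("9002 must be rejected for a server-auth qop");
        }
    }
}
```

The port-to-level table is the fragile part: it must mirror the listeners actually configured on the server, so keep it next to the deployment configuration rather than hard-coded far from it.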

For more information on instantiating proxies, see Chapter 10, “Developing CORBA Java Clients,” of the EAServer Corba Components Guide.