Products | Versions |
---|---|
TIBCO Enterprise Message Service | - |
If SHA2 is required, it should be used in both certificate (i.e client and server certificate) and cipher.
SHA2 in certificate and cipher are used for two independent processes.
SHA2 in certificate is used to ensure integrity of certificates during the handshaking process when client and EMS server are exchanging certificates. Digital signature in certificate is computed by using certificate as input to the SHA2 hash function. More information on verification of certificate can be found on https://tools.ietf.org/html/rfc5280#section-4.1.1.3. At this time, SSL connection is not established yet.
After handshaking and SSL connection is established, to ensure the integrity of data between client and server, HMAC( Keyed-Hashing for Message Authentication) is used. It's a message authentication code obtained by running a cryptographic hash function (i.e SHA2 cipher) over the data and a shared secret key. HMAC is specified in RFC 2104 (https://tools.ietf.org/html/rfc2104).