Closed WalkerWalker closed 11 months ago
The TLS handshake is managed as part of the IBM MQ software, and I don't think anything you've mentioned is related to this sample repository. Can I please suggest that you raise this as a support ticket against the MQ software?
As the title mentions, mTLS works between the client and IBM MQ if the client keystore has a certificate only for serverAuth, not clientAuth. But that should not be the case.
For example, following the official guide here https://developer.ibm.com/tutorials/configuring-mutual-tls-authentication-java-messaging-app/ we can establish the mTLS connection successfully, and the client log has the following Produced client Certificate handshake message
More specifically, the certificate has the field
and in my understanding, it should prevent the mTLS handshake from being successful because it doesn't have clientAuth. But it seems that IBM MQ doesn't care about ExtendedKeyUsages.
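The Extended Key Usage check the issue refers to, as an added example (not code from this repository or from IBM MQ): RFC 5280 says a certificate that carries an EKU extension must only be used for the purposes it lists. The function names are hypothetical, the input is assumed to be the DER of a certificate's Extensions field, and the sample bytes are constructed.

```python
# Added example: names and sample bytes are constructed, not taken from IBM MQ.
EKU, CLIENT_AUTH, ANY_EKU = "2.5.29.37", "1.3.6.1.5.5.7.3.2", "2.5.29.37.0"

def read_tlv(buf, pos=0):
    """Return (value, next_pos) of the DER element that starts at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def children(value):
    """Yield the value bytes of each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        item, pos = read_tlv(value, pos)
        yield item

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, n = [], 0
    for b in body:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def eku_oids(extensions_der):
    """Return the EKU purposes in a DER Extensions SEQUENCE, or None if absent."""
    exts, _ = read_tlv(extensions_der)
    for ext in children(exts):
        fields = list(children(ext))        # extnID, [critical], extnValue
        if decode_oid(fields[0]) == EKU:
            seq, _ = read_tlv(fields[-1])   # extnValue wraps SEQUENCE OF OID
            return [decode_oid(o) for o in children(seq)]
    return None

def usable_for_client_auth(extensions_der, accept_any=True):
    """No EKU means unrestricted; otherwise clientAuth must be listed.
    Accepting anyExtendedKeyUsage is a policy choice (assumption here)."""
    oids = eku_oids(extensions_der)
    if oids is None:
        return True
    return CLIENT_AUTH in oids or (accept_any and ANY_EKU in oids)

# Constructed inputs: Extensions holding only the extension under test.
SERVER_ONLY = bytes.fromhex("301530130603551d25040c300a06082b06010505070301")
BOTH = bytes.fromhex("301f301d0603551d250416301406082b0601050507030106082b06010505070302")
NO_EKU = bytes.fromhex("300b30090603551d1304023000")
```

`usable_for_client_auth(SERVER_ONLY)` is the case described in the issue: the extension is present and lists only serverAuth, so the check rejects the certificate for client authentication.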