Hmmm...used OpenSSL to fetch the certificate of a vendor's #IBMMQ server. Both MQ and OpenSSL use a standard TLS handshake and we are obviously authorized to connect for the MQ interface, but vendor claims using OpenSSL was an "intrusion".
If this is an intrusion I wonder if they'd recognize a real one. SMDH.
@MakerWerks That was my feeling on it. Meanwhile, the vendor has escalated to director-level management for the LOB and Ops. Hello mole hill, meet mountain. There is so much real #itsecurity to work on, I hate getting bogged down in somebody's political theater.
@MakerWerks I'd ask but since this was escalated I've been told all communications must go through the account manager. So now even the technical discussion is political. I could not make this stuff up if I tried.
@tdotrob Yeah, some days you just wanna be doing anything else in a different place. I had a friend of mine recently trying to woo me to interview at the very large IT/cloud/networking vendor he works for. The possibility of these exact kinds of scenarios is what made me turn it down.
@tdotrob An obvious question would be what do they consider to be acceptable methods for fetching a cert? The answer might prove amusing.