The Secure Sockets Layer protocol (SSL) and its compatible successor, the Transport Layer Security protocol (TLS), enable a client and server to establish a secure, encrypted connection over a public network. TLS is the more secure alternative. When you connect using TLS, the client authenticates the server before making a connection, and all data passed between InfoConnect and the server is encrypted. Depending on the server configuration, the server may also authenticate the client.
NOTE: SSL/TLS connections use digital certificates for authentication. Depending on how your certificate was issued and the way your host is configured, you may need to install a host and/or personal certificate before you can connect using SSL/TLS.
In ALC, UTS, and T27 sessions, SSL/TLS configuration is included in the path configuration used for the connection.
To configure SSL/TLS in most ALC, UTS, and T27 sessions
To configure SSL/TLS in ALC or UTS sessions that use the MATIP transport
Open the MATIP Host Configuration dialog box for the path used for the connection.
Set
to the version you require and configure certificate revocation settings, and whether host name matching is required.
Click to configure host and user certificates for the connection.
In 3279, 5250, and VT sessions, the security level is set in your session document.
To configure SSL/TLS in 3270, 5250, or VT terminal sessions
Open the
dialog box, select a session template and click .
For
, enter the fully qualified host name.
NOTE: By default, the host name you enter must exactly match one of the host names entered in either the
or the field of the host's certificate. The setting is configured from the dialog box. Leave this setting selected for maximum security.
In the
box, set the port your host uses for SSL/TLS connections. In most cases you will have to change the default port value. Contact the host system administrator for this information. (For connections to an AS/400, the SSL/TLS port will typically be 992.)
Select
and then click .
Do one of the following:
If you are setting up a 3270 or 5250 terminal session, under
, click . Then, in the Configure Advanced Connection Settings dialog box, click .
If you are setting up a VT terminal session, click
, confirm Network Connection Type is set to , and click the Back arrow button. Then, under , click .
From the
dialog box, select the tab, and select .
(Optional) To specify the minimum allowable level of encryption for SSL/TLS connections, select a level in the
list. The connection fails if this level cannot be provided.
NOTE: If you select Default, any encryption level is permitted, and InfoConnect negotiates with the host system to choose the strongest encryption level supported by both the host and the PC.
(Optional) Click
.
Modify default settings as required. (For example, to use only the InfoConnect store, you might choose to clear
. When this option is selected, InfoConnect looks for certificates in both the InfoConnect store and the Windows certificate store.)
From this dialog box, you can also access the . to configure host and user certificates for the connection.
Click
to close the other open dialog boxes, and save the session document.
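A pre-flight check for the host name matching and port settings described in the steps above, written as an added Python example (not InfoConnect code or part of the original documentation). It assumes the two certificate fields are the subject Common Name and the Subject Alternative Name DNS entries, which this page does not name, and that matching is case-insensitive with no wildcard expansion; `as400.example.com` and the sample certificate are constructed.

```python
import socket
import ssl


def cert_names(cert):
    """Collect host names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for typ, v in cert.get("subjectAltName", ()) if typ == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v for key, v in rdn if key == "commonName"]
    return names


def exact_match(host, cert):
    """Exact comparison only: case-insensitive, no wildcards (assumption)."""
    want = host.rstrip(".").lower()
    return any(want == n.rstrip(".").lower() for n in cert_names(cert))


def probe(host, port=992, timeout=5.0):
    """Connect with full chain and name validation and report what was negotiated."""
    ctx = ssl.create_default_context()            # verifies chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "names": cert_names(cert),
                "exact_match": exact_match(host, cert),
            }


# Constructed certificate, same shape as getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("commonName", "as400.example.com"),),),
    "subjectAltName": (("DNS", "as400.example.com"), ("DNS", "tn5250.example.com")),
}

if __name__ == "__main__":
    # A short name or an IP address does not match; the fully qualified name does.
    for name in ("as400.example.com", "AS400.example.com.", "as400", "10.0.0.5"):
        print(name, exact_match(name, SAMPLE_CERT))
```

`probe()` validates against the trust store Python uses on the machine, not the InfoConnect certificate store, so a host certificate issued by a private CA fails here until that CA is trusted.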