Proxy Tab (Secure Shell Settings)

Use the Proxy tab to enable proxy use for Reflection Secure Shell sessions.

The options are:

None

No proxy is configured. (This is the default.)

SOCKS

Select SOCKS to configure a Secure Shell connection through a SOCKS proxy.

HTTP

Select HTTPto configure a Secure Shell connection through an HTTP proxy.

Configure

Configure proxy server settings.

NOTE:

  • For Secure Shell connections, proxy use is enabled for the currently specified SSH config scheme using the Proxy setting in the Secure Shell configuration file. The proxy server address is stored in the Windows registry on a per-user basis and applies to all Secure Shell sessions.

  • In the Reflection FTP Client, the Security Properties dialog box includes tabs for both SOCKS configuration and Secure Shell configuration. You cannot use the SOCKS tab of the Security Properties dialog box to configure SOCKS proxied connections when you have enabled Use Reflection Secure Shell on the Secure Shell tab. To configure your SOCKS proxy, use the SOCKS setting on the Proxy tab of the Reflection Secure Shell Settings dialog box.

Reflection Security Proxy Server Settings

Use Reflection security proxy and related settings are visible for sessions that are managed on a centralized management server. When you set up sessions on this server, you can configure them to connect to your host via the Security Proxy included in the centralized management server. You can use this Security Proxy to configure secure connections even if your host is not running an SSL/TLS-enabled Telnet server.

NOTE:

  • When the Security Proxy is used, the connection between the client and the Security Proxy server is secured and encrypted using the SSL/TLS protocol.

  • If you configure sessions that connect through the Security Proxy with authorization enabled, users must authenticate to the centralized management server before they can connect using these sessions. This can be accomplished by the default login prompt or by setting up the centralized management server for Single Sign On.

Use Reflection security proxy

Configure this session to use the Security Proxy for the server connection.

Security proxy server and destination host

Security proxy

Select the proxy server name from the drop-down list, which shows available servers.

Proxy port

Select the proxy server port from the drop-down list.

Destination host

If client authorization is enabled on the Security Proxy, enter the destination host name. If client authorization is not enabled, this box is read only.

When you select a security port, the destination host configured to use that port is displayed automatically.

Destination port

If client authorization is enabled on the Security Proxy, enter the destination host name. If client authorization is not enabled, this box is read only.

When you select a security port, the destination port and destination host are displayed automatically.

Security proxy SSL/TLS settings

Encryption strength

Specify the desired level of encryption for SSL/TLS connections. The connection will fail if this level cannot be provided.

If you select Default, any encryption level is permitted, and your client will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. If you are running in FIPS mode and select Default, the negotiation will allow only FIPS compliant encryption levels.

NOTE:The effective encryption strength of the established connection may not match the value you select here. For example, 168 bit encryption uses 3DES cipher suites, which use a 168 bit key length, but provide an effective security of only 112 bits.

SSL/TLS version

Specifies which SSL or TLS version to use.

Retrieve and validate certificate chain

Specifies whether certificates presented for host authentication are checked to determine if they are valid and signed by a trusted CA.

CAUTION:Disabling this option can make connections vulnerable to man-in-the-middle attacks, which could compromise the security of the connection.

Security server performs encryption and user authorization

Proxy cipher suites

A read-only list of cipher suites supported by this proxy host and port. This list is only visible when the product is launched from the Administrative WebStation (included with centralized management server).

Security proxy client authentication

Find certificate for authentication

When selected, all available personal certificates are presented to the server for client authentication.

Use selected certificate for authentication

Select to specify a particular certificate for client authentication.