Skip to content

Security Proxy (Secure Shell Settings)

For sessions managed by Host Access Management and Security Server (MSS)

Security proxy settings only apply to sessions that have been configured to connect through the Security Proxy server.

Security Proxy and its related settings are only visible for sessions that are managed by MSS. Sessions that are set up on this server can be configured to connect to your host via the Security Proxy included in the centralized management server. You can use this Security Proxy to configure secure connections even if your host is not running an SSL/TLS-enabled Telnet server.

note

  • When the Security Proxy is used, the connection between the client and the Security Proxy server is secured and encrypted using the SSL/TLS protocol (TLS 1.2 and 1.3 only).

  • If you configure sessions that connect through the Security Proxy with authorization enabled, users must authenticate to MSS before they can connect using these sessions. This can be accomplished by the default login prompt or by setting up MSS for Single Sign-On.

Use Security Proxy Configure this session to use the Security Proxy for the server connection. Enable this option to access the Security Proxy configuration options below.
Proxy name Select the proxy server name from the drop-down list, which shows available servers.
Proxy port Select the proxy server port from the drop-down list.
Proxy cipher suites A read-only list of cipher suites supported by this proxy host and port. This list is only visible when the product is launched from the centralized management server.
Destination host Enter the destination host name.
Destination port Enter the destination port.

Security proxy SSL/TLS settings

SSL/TLS version Specifies which SSL or TLS version to use.

Encryption Strength

Encryption Strength Specify the desired level of encryption for SSL/TLS connections. The connection will fail if this level cannot be provided.

If you select Recommended ciphers, the FTP Client will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. This new setting will contain the recommended encryption level from Open Text, and will change periodically.

NOTE: If you are running in FIPS mode and select Recommended Ciphers, the FTP Client will negotiate using only FIPS compliant encryption levels.

If you select Custom ciphers, you will be prompted to select from a list of available ciphers in the Custom Ciphers list view.

NOTE: Session files from previous versions that use default, 168, 128 or 256 bit Encryption Strength will be imported as Custom Ciphers and maintain the list that was used in prior versions for those settings options.
Retrieve and validate certificate chain Specifies whether certificates presented for host authentication are checked to determine if they are valid and signed by a trusted CA.

CAUTION: Disabling this option can make connections vulnerable to man-in-the-middle attacks, which could compromise the security of the connection.

Security proxy client authentication

Automatically select client certificate When enabled, the first qualifying certificate is presented to the server.
Prompt for certificate When enabled, the user will be prompted to select a particular certificate for client authentication.
Use selected certificate for authentication Select to specify a particular certificate for client authentication.