Security Proxy (Secure Shell Settings)

Security Proxy and its related settings are visible for sessions that are managed by the Host Access Management and Security Server (MSS). Sessions that are set up on this server can be configured to connect to your host via the Security Proxy included in the centralized management server. You can use this Security Proxy to configure secure connections even if your host is not running an SSL/TLS-enabled Telnet server.

NOTE:

When the Security Proxy is used, the connection between the client and the Security Proxy server is secured and encrypted using the SSL/TLS protocol.
If you configure sessions that connect through the Security Proxy with authorization enabled, users must authenticate to the centralized management server before they can connect using these sessions. This can be accomplished by the default login prompt or by setting up the centralized management server for Single Sign-On.

Use Security Proxy	Configure this session to use the Security Proxy for the server connection. Enable this option to access the Security Proxy configuration options below.
Proxy name	Select the proxy server name from the drop-down list, which shows available servers.
Proxy port	Select the proxy server port from the drop-down list.
Proxy cipher suites	A read-only list of cipher suites supported by this proxy host and port. This list is only visible when the product is launched from the centralized management server.
Destination host	Enter the destination host name.
Destination port	Enter the destination port.

Security proxy SSL/TLS settings

SSL/TLS version

Specifies which SSL or TLS version to use.

Encryption Strength

Specify the desired level of encryption for SSL/TLS connections. The connection will fail if this level cannot be provided.

If you select Recommended ciphers, the FTP Client will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. This new setting will contain the recommended encryption level from Micro Focus, and will change periodically.

If you are running in FIPS mode and select Recommended Ciphers, the FTP Client will negotiate using only FIPS compliant encryption levels.

If you select Custom ciphers, you will be prompted to select from a list of available ciphers in the Custom Ciphers list view.

NOTE:Session files from previous versions that use default, 168, 128 or 256 bit Encryption Strength will be imported as Custom Ciphers and maintain the list that was used in prior versions for those settings options.

Retrieve and validate certificate chain

Specifies whether certificates presented for host authentication are checked to determine if they are valid and signed by a trusted CA.

CAUTION:Disabling this option can make connections vulnerable to man-in-the-middle attacks, which could compromise the security of the connection.

Security proxy client authentication

Automatically select client certificate	When enabled, the first qualifying certificate is presented to the server.
Prompt for certificate	When enabled, the user will be prompted to select a particular certificate for client authentication.
Use selected certificate for authentication	Select to specify a particular certificate for client authentication.