8.2.2 Connect Using SSL/TLS

The Secure Sockets Layer protocol (SSL) and its successor, the Transport Layer Security protocol (TLS), enable a client and server to establish an encrypted connection over a public network. TLS is the more secure of the two and should be used wherever the host supports it; the SSL protocol versions are deprecated. When you connect using TLS, the client authenticates the server by validating the server's certificate before the session is established, and all data passed between InfoConnect and the server is encrypted. Depending on the server configuration, the server may also authenticate the client, in which case you need a personal (user) certificate.

NOTE: SSL/TLS connections use digital certificates for authentication. Depending on how your certificate was issued and the way your host is configured, you may need to install a host and/or personal certificate before you can connect using SSL/TLS.

In ALC, UTS, and T27 sessions, SSL/TLS configuration is part of the path configuration used for the connection.

To configure SSL/TLS in most ALC, UTS, and T27 sessions

  1. Open the TCP/UDP Path Options dialog box for the path used for the connection.

  2. Set Security type to the SSL/TLS version you require. Choose the highest TLS version the host supports; the SSL versions are deprecated.

  3. Click PKI Settings to open the PKI Settings dialog box. From this dialog box, you can configure certificate revocation settings, and whether host name matching is required. You can also use it to access the Reflection Certificate Manager to configure host and user certificates for the connection.

To configure SSL/TLS in ALC or UTS sessions that use the MATIP transport

  1. Open the MATIP Host Configuration dialog box for the path used for the connection.

  2. Set Security type to the SSL/TLS version you require (prefer the highest TLS version the host supports), and configure certificate revocation settings and whether host name matching is required.

  3. Click Reflection Certificate Manager to configure host and user certificates for the connection.

In 3270, 5250, and VT sessions, the security level is set in your session document.

To configure SSL/TLS in 3270, 5250, or VT terminal sessions

  1. Open the Create New Document dialog box, select a session template and click Create.

  2. For Host Name/IP Address, enter the fully qualified host name.

    NOTE: By default, the host name you enter must exactly match one of the host names in either the CommonName or the SubjectAltName field of the host's certificate. This behavior is controlled by the setting Certificate host name must match host being contacted in the PKI Configuration dialog box. Leave this setting selected for maximum security: if you clear it, any certificate trusted by your certificate store is accepted for this host, so a connection redirected to a different server would not be detected.

  3. In the Port box, set the port your host uses for SSL/TLS connections. In most cases you will need to change the default port value. Contact the host system administrator for this information. (For connections to an AS/400, the SSL/TLS port is typically 992, the standard Telnet-over-TLS port.)

  4. Select Configure additional settings, and then click OK.

  5. Do one of the following:

    • If you are setting up a 3270 or 5250 terminal session, under Host Connection, click Set Up Connection Security. Then, in the Configure Advanced Connection Settings dialog box, click Security Settings.

    • If you are setting up a VT terminal session, click Configure Connection Settings, confirm Network Connection Type is set to Telnet, and click the Back arrow button. Then, under Host Connection, click Set Up Connection Security.

  6. From the Security Properties dialog box, select the SSL/TLS tab, and select Use SSL/TLS security.

  7. (Optional) To specify the minimum allowable level of encryption for SSL/TLS connections, select a level in the Encryption strength list. The connection fails if this level cannot be provided.

    NOTE: If you select Default, any encryption level is permitted, and InfoConnect negotiates with the host system to choose the strongest encryption level supported by both the host and the PC. Setting an explicit minimum prevents the session from silently negotiating a weak cipher suite if the host offers one.

  8. (Optional) Click Configure PKI.

    Modify the default settings as required. For example, to use only the InfoConnect store, clear Use System Certificate Store for SSL/TLS connections. When this option is selected, InfoConnect looks for certificates in both the InfoConnect store and the Windows certificate store.

    From this dialog box, you can also access the Reflection Certificate Manager to configure host and user certificates for the connection.

  9. Click OK to close the other open dialog boxes, and save the session document.
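The following script is an added example and is not InfoConnect or Reflection code. It reproduces the host name check described in the note under step 2 of the terminal session procedure (the Certificate host name must match host being contacted setting) using only the Python standard library, so you can confirm before saving the session document that the name you plan to enter in Host Name/IP Address matches the host certificate on the SSL/TLS port. The function names, the constructed SAMPLE_CERT, and the host names in it are all assumptions made for the example; the matching follows the either CommonName or SubjectAltName rule stated in the note, with a single whole-label wildcard allowed.

```python
"""Pre-flight host name check for an SSL/TLS terminal session.

Added example, not InfoConnect code.  It mirrors the "Certificate host name
must match host being contacted" rule so a mismatch can be found before the
session document is saved, instead of as an unexplained connection failure.
"""
import ipaddress
import socket
import ssl


def cert_dns_names(cert):
    """Collect the DNS names a certificate presents: every DNS entry of the
    SubjectAltName extension plus the subject CommonName (the either/or rule
    from the note).  `cert` uses the dict format ssl.SSLSocket.getpeercert()
    returns."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def name_matches(pattern, hostname):
    """Case-insensitive exact match, or a wildcard standing for the whole
    leftmost label only: "*.example.com" matches "a.example.com" but not
    "example.com" or "a.b.example.com".  Partial-label wildcards such as
    "f*.example.com" are treated as literals and never match."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]              # ".example.com"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]  # the part the wildcard stands for
    return bool(label) and "." not in label


def host_matches_certificate(hostname, cert):
    """True when the name typed into the session matches the certificate.
    An IP address literal matches only an "IP Address" SAN entry; a DNS name
    matches a DNS SAN entry or the CommonName."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        return any(name_matches(name, hostname) for name in cert_dns_names(cert))
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
    return False


def probe_tls_host(hostname, port=992, timeout=5.0):
    """Connect to the host's SSL/TLS port (992 is the usual AS/400 port),
    validate the chain against the system trust store and report what the
    client will see.  This opens a network connection and is not exercised
    offline; the name check is reported rather than enforced so a mismatch
    is shown instead of raised."""
    ctx = ssl.create_default_context()   # TLS only, CERT_REQUIRED, system CAs
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "certificate_names": cert_dns_names(cert),
                "host_name_matches": host_matches_certificate(hostname, cert),
            }


# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": (
        (("countryName", "US"),),
        (("organizationName", "Example Corp"),),
        (("commonName", "mainframe.example.com"),),
    ),
    "subjectAltName": (
        ("DNS", "as400.example.com"),
        ("DNS", "*.hosts.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}

if __name__ == "__main__":
    for name in ("as400.example.com", "as400", "tn3270.hosts.example.com",
                 "hosts.example.com", "mainframe.example.com", "192.0.2.10"):
        print(f"{name:28} matches: {host_matches_certificate(name, SAMPLE_CERT)}")
```

A short name such as as400 fails the check even though the certificate is for that host, which is why step 2 asks for the fully qualified host name. Strict RFC 6125 validators ignore the CommonName whenever a SubjectAltName extension is present; the example follows the more permissive either/or rule from the note, so treat a match that succeeds only on the CommonName as a sign that the host certificate should be reissued with a SubjectAltName entry.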