The TN3270 server provides several choices for negotiating SSL usage with the client.
Assume client is using SSL indicates the SSL handshake will be used to start the SSL connection. If the client does not start the handshake within 5 seconds, then an attempt is made to do a negotiated SSL handshake using the IETF TLS-based Telnet Security specifications. If the client rejects SSL, the connection is closed.
Use TLS to initiate SSL indicates the client supports the IETF TLS-based Telnet Security Draft. A TN3270 negotiation with the client first determines if the client is willing to enter into a secure connection. If the client agrees, an SSL handshake is started and SSL protocols will be used for communication. If the client rejects SSL, the connection is closed.
Use TLS to allow client to decide if connection is secure indicates that the security protocol defined in the IETF TLS-based Telnet Security Draft is used to initiate the SSL connection. If the client agrees to enter into the secure connection, then SSL protocols will be used. If the client is NOT willing to enter into the secure connection, the connection is still allowed, but no SSL is used.