Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are two different communication protocols that allow applications to communicate securely over the Internet using data encryption. TLS is based on SSL, but has a different initial handshake protocol and is more extensible. TLS and SSL are not interoperable. That is, an application using TLS cannot communicate with an application running SSL. Both protocols are widely used.
Telnet-negotiated (3270 Display/Printer, VT sessions only)
Determines if the security negotiations between the client and the Telnet server are done
on the established Telnet connection or on a TLS connection prior to the Telnet
negotiation. For the client to use this feature, the Telnet server must support TLS-based
Telnet security. The other options are valid regardless of whether Telnet-negotiated is
set to Yes or No.
Server Authentication
Ensures that a secure session is established only if the Internet name of the server
matches the common name in the server's certificate. This is effective only on a
locally-installed client or a client downloaded via HTTPS.
Add MSIE browser's keyring
When this option is selected, the Host On-Demand client accepts certificate authorities trusted
by the Microsoft Internet Explorer browser.
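The Server Authentication check described above, sketched as an added Python example (not Host On-Demand code): the session is allowed only when the configured host name equals a common name in the server's certificate. The certificate dictionaries are constructed samples, the function names are hypothetical, and comparing case-insensitively while ignoring a trailing dot is an assumption the page does not specify.

```python
"""Model of the Server Authentication check: host name vs. certificate common name."""

def common_names(cert):
    """Return every commonName in the subject of a getpeercert()-style dict."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]

def normalize(name):
    """Assumption: names compare case-insensitively and a trailing root dot is ignored."""
    return name.strip().rstrip(".").lower()

def server_authentication(host, cert):
    """Return (allow_session, reason) for the host name the session was configured with."""
    names = common_names(cert)
    if not names:
        return False, "certificate has no common name"
    wanted = normalize(host)
    for cn in names:
        if normalize(cn) == wanted:
            return True, "host name matches common name " + cn
    return False, "host name %s not in common names %s" % (host, names)

# Constructed sample certificates, in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "Example Corp"),),
        (("commonName", "tn3270.example.com"),),
    ),
}
NO_CN_CERT = {"subject": ((("organizationName", "Example Corp"),),)}

def run_cases():
    """Evaluate several names a session definition might use for the same server."""
    configured = ["tn3270.example.com", "TN3270.Example.COM.", "tn3270", "192.0.2.10"]
    return {host: server_authentication(host, SAMPLE_CERT)[0] for host in configured}

if __name__ == "__main__":
    for host, ok in run_cases().items():
        print("%-22s -> %s" % (host, "connect" if ok else "refuse"))
    print(server_authentication("tn3270.example.com", NO_CN_CERT))
```

A session defined with a short alias or an IP address is refused even though it reaches the same server, so the destination in the session definition has to be the name the certificate carries.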
The following options are used to specify the handling of client authentication.
Send a Certificate
Enables Client Authentication. If you click No and the server requests
a client certificate, the server is told that no client certificate is available, and
the user is not prompted.
Certificate Source
The certificate can be kept in the client's browser or a dedicated security device such as
a smart card.
Alternatively, it can be kept in a local or network-accessed file, in PKCS12 or PFX format, protected by a password.
URL or Path and Filename
Specifies the default location of the client certificate. The URL protocols you can use
depend on the capabilities of your browser. Most browsers support HTTP, HTTPS, FTP, and FTPS.
Select File
Click Select File to browse the local file system for the file containing the certificate.
Certificate Name
Select a certificate from the list. You can also accept any certificate trusted by the server.
Add Certificate Name
Click Add Name to specify the parameters for choosing a client certificate,
including the common name, e-mail address, organizational unit, and organization used to
define it. (This button is only available on the administrator's configuration
panel.)
How often to prompt
This drop-down box allows you to control the frequency of prompts for client certificates. The
certificate source of your clients determines the selection of prompts available to you.
You can regard the following two choices as constants; they are always available, regardless of certificate source:
If the certificate source is Browser or security device, you have two additional options:
Currently this is true only for Microsoft Internet Explorer.
If the certificate source is URL or local file, and your clients store user preferences locally, you have two additional options:
If the certificate source is URL or local file, and your clients do not store user preferences locally, you have one additional option:
Retrieve certificate before connect
If you click Yes, the client accesses its certificate before connecting to the
server, whether the server requests a certificate or not. If you click No,
the client only accesses the certificate after the server has requested it; depending
on other settings, this may force the client to abnormally terminate the connection to the
server, prompt the user, and then reconnect.
Lock (Host On-Demand administrator only)
Select Lock to prevent users from changing the associated startup value for a session.
Users cannot change values for most fields because the fields are unavailable. However,
functions accessed from the session menu or toolbar can be changed.