Security Proxy Server Settings
You can use the settings under Use security proxy if you use the Host Access Management and Security Server (available separately from Rocket Software) and have configured the included Security proxy server. With these options, your session connects to your host via the Security proxy. You can use this Security proxy to configure secure connections even if your host is not running an SSL/TLS-enabled Telnet server. (Some of these settings are visible and configurable only when using the Administrative Console.)
Note
- When the Security Proxy is used, the connection between the client and the Security Proxy server is secured and encrypted using the SSL/TLS protocol. By default, the information sent between the proxy server and the destination host is in the clear. If you enable the End-to-End encryption option (available for 5250, 3270, and VT sessions), information sent between the Security Proxy and the destination host is also encrypted. (End-to-End encryption requires that the host support SSL/TLS.)
- If you configure sessions that connect through the Security Proxy with authorization enabled, users must authenticate to the centralized management server before they can connect using these sessions.
Use security proxy | Configure this session to use the Security proxy for the server connection. |
Security proxy | If configuring from the MSS Administrative console, select the proxy server name from the drop-down list, which shows available servers. Otherwise enter the Security Proxy hostname. |
Proxy port | If configuring from the MSS Administrative console, select the proxy server port from the drop-down list. Otherwise enter the Security Proxy port. |
Destination host | This setting is only viewable from the MSS Administrative console. If client authorization is enabled on the Security proxy, enter the destination host name. If client authorization is not enabled on the Security proxy, this box is read only. |
Destination port | This setting is only viewable from the MSS Administrative console. If client authorization is enabled on the Security proxy, enter the destination port. If client authorization is not enabled, this box is read only. |
End-to-End SSL/TLS (Client to proxy to destination host) | This setting is only viewable from the MSS Administrative console (available for 5250, 3270, and VT sessions). This option tunnels a direct SSL/TLS connection to the host, while still connecting through the Security proxy. These connections require two certificates and two SSL/TLS handshakes: one for the client/proxy server connection and another for the client/host connection. |
No data encryption from proxy to destination host | This setting is only viewable from the MSS Administrative console. This option applies a null cipher to the direct SSL/TLS connection from the client to the host so that this connection is not encrypted. This does not affect the encryption of the SSL/TLS connection from the client to the security proxy that provides the “tunnel” for the client/host connection. When this option is selected, the data is encrypted from the client to the security proxy and unencrypted (“in the clear”) from the proxy to the host. |
Proxy cipher suites | A read-only list of cipher suites supported by this proxy host and port. This list is only visible when the product is launched from the MSS Administrative Console. |