SSL/TLS (Security Properties Dialog Box)
The Secure Sockets Layer protocol (SSL) and its compatible successor, the Transport Layer Security protocol (TLS), enable a client and server to establish a secure, encrypted connection over a public network. When you connect using SSL/TLS, the client authenticates the server before making a connection, and all data passed between the client and the server is encrypted. Depending on the server configuration, the server may also authenticate the client.
The options are:
| Option | Description |
| --- | --- |
| Use SSL/TLS Security | Enables SSL/TLS connections. You must select this before you can set other values in the SSL/TLS section. When Use SSL/TLS Security is selected, connections are made to the host only if a secure SSL/TLS connection can be established. Before making an SSL/TLS connection, your client must authenticate the host. Authentication is handled through the use of digital certificates. These certificates are part of the same Public Key Infrastructure (PKI) that is used to secure internet transactions. Your computer must be configured to recognize the digital certificate presented by your host and, if necessary, to provide a certificate for client authentication. If your computer is not properly configured, or if the certificates presented for authentication are not valid, you will not be able to make SSL/TLS connections. Depending on how a host certificate was issued, you may need to install a certificate on your local computer. |
| SSL/TLS version | Specifies which SSL or TLS version to use. |
| Encryption Strength | Specifies the desired level of encryption for SSL/TLS connections. The connection will fail if this level cannot be provided. If you select Recommended ciphers, the FTP Client negotiates with the host system to choose the strongest encryption level supported by both the host and the client. This setting contains the encryption level recommended by Rocket Software and will change periodically. NOTE: If you are running in FIPS mode and select Recommended ciphers, the FTP Client negotiates using only FIPS-compliant encryption levels. If you select Custom ciphers, you are prompted to select from a list of available ciphers in the Custom Ciphers list view. NOTE: Session files from previous versions of Reflection that use the default, 168, 128 or 256 bit Encryption Strength are imported as Custom ciphers and keep the cipher list that prior versions used for those settings. |
| Run in FIPS mode | When you run in FIPS mode, all connections are made using security protocols and algorithms that meet FIPS 140-2 standards. In this mode some standard connection options are not available. A FIPS mode icon is visible on the status bar when a connection is made using FIPS mode. NOTE: Selecting Run in FIPS mode in the SSL/TLS section enforces FIPS mode only for the connection currently being configured. Administrators can use Group Policies to enforce FIPS mode for all connections. |
| Retrieve and validate certificate chain | Specifies whether certificates presented for host authentication are checked to determine that they are valid and signed by a trusted CA. CAUTION: Disabling this option can make connections vulnerable to man-in-the-middle attacks, which could compromise the security of the connection. |
| Use security proxy | Select this option to use the Security Proxy application available as part of the Host Access Management and Security Server (MSS) product. See the Security Proxy help for more information. |
| Implicit SSL/TLS Connection | IBM z/VM or z/OS Telnet servers can be configured to send the STARTTLS command when negotiating secure SSL/TLS connections. To connect to servers that are configured to send this command, clear this option; to connect to servers that are not configured to send it, leave this option selected. While this option is selected, secure connections to servers that send the STARTTLS command are not supported. |
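The settings in this dialog map directly onto the parameters of a TLS client context. The following added example (not part of the Reflection documentation and not the FTP Client's own implementation) builds such a context with Python's standard `ssl` module and audits it: `validate_chain` plays the role of "Retrieve and validate certificate chain", `min_version` of "SSL/TLS version", and `ciphers` of "Custom ciphers". The `explicit_ftps_session` helper uses `ftplib.FTP_TLS`, which only performs the explicit AUTH TLS upgrade (the STARTTLS-style case in which "Implicit SSL/TLS Connection" would be cleared); the host name it takes and the `WEAK_CIPHER_MARKERS` list are constructed for this example.

```python
import ssl
from ftplib import FTP_TLS

# Constructed list: substrings that mark an offered cipher suite as weak.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXPORT", "ADH", "AECDH")


def make_tls_context(validate_chain=True,
                     min_version=ssl.TLSVersion.TLSv1_2,
                     ciphers=None,
                     cafile=None):
    """Build a client-side TLS context.

    validate_chain=True mirrors 'Retrieve and validate certificate chain':
    the host certificate must chain to a trusted CA and match the host name.
    validate_chain=False is the weak setting the dialog's CAUTION warns about.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version            # 'SSL/TLS version'
    if validate_chain:
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
        if cafile:
            ctx.load_verify_locations(cafile)    # a locally installed CA/host certificate
        else:
            ctx.load_default_certs()             # the system's trusted CA store
    else:
        # Order matters: check_hostname must be cleared before CERT_NONE is accepted.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    if ciphers:
        ctx.set_ciphers(ciphers)                 # 'Custom ciphers'
    return ctx


def cipher_names(ctx):
    """Names of the cipher suites the context would offer to the host."""
    return [c["name"] for c in ctx.get_ciphers()]


def audit_context(ctx):
    """Return a list of findings; an empty list means the context is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain validation disabled (MITM possible)")
    if not ctx.check_hostname:
        findings.append("host name check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    for name in cipher_names(ctx):
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append("weak cipher offered: " + name)
    return findings


def explicit_ftps_session(host, ctx, port=21):
    """Open an explicit (AUTH TLS, STARTTLS-style) FTPS session.

    The control connection starts in plaintext and is upgraded with AUTH TLS,
    so it requires the context to be hardened before any data is sent.
    Network access is required; this function is not exercised offline.
    """
    ftps = FTP_TLS(context=ctx)
    ftps.connect(host, port)
    ftps.auth()      # upgrade the control channel to TLS
    ftps.prot_p()    # protect the data channels as well
    return ftps


if __name__ == "__main__":
    hardened = make_tls_context(ciphers="ECDHE+AESGCM:ECDHE+CHACHA20")
    print("hardened context findings:", audit_context(hardened))
    weak = make_tls_context(validate_chain=False, ciphers="ECDHE+AESGCM:ECDHE+CHACHA20")
    print("weak context findings:", audit_context(weak))
```

Running the audit on both contexts shows the practical difference between the two settings of the validation option: the hardened context reports nothing, while the context with validation disabled reports that chain validation and the host name check are off, which is exactly the condition under which a man-in-the-middle can present its own certificate unnoticed.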