In this dialog you specify options that apply to the SSL connection for QWS3270 Secure. SSL stands for Secure Sockets Layer, and TLS for Transport Layer Security. They are commonly-used protocols for managing the security of messages transmission on the Internet.
QWS3270 Secure allows you to turn SSL security on or off, and set different levels of security.
NEW in 5.0 - SSL and TLS options can now be disabled through hidden Session Parameters.
The hidden session parameters file can be found in the following path: C:\Users\%username%\AppData\Roaming\Jolly Giant Software\QWS3270 Secure\QWS3270S.jgp
Add the below lines to that file to hide that respective security option.
- DisableSSLv2=1 - disables the option to use SSLv2
- DisableSSLv3=1 - disables the option to use SSLv3
- DisableTLSv1=1 - disables the option to use TLSv1
Enable/Disable Secure Connection - This option turns SSL on or off. You will want to turn it off if you need QWS3270 Secure to connect to a host that does not support the SSL protocol.
SSL Protocol Version - Specify to use either the SSL protocol, the TLS protocol, or let the program automatically select the best option.
Minimum Cipher Strength - Select the minimum cipher strength used when negotiating the SSL connection with the host. The selected strength will be the minimum the host and the client use to encrypt their communication. It may not necessarily be the actual cipher strength used. The server and client will negotiate the actual encryption routine to be used.
Note that the actual number of cipher strength points shown on the slider in the above dialog may vary depending on Operating System.
Self Signed Certificates - Specify whether or not to accept a self-signed server certificate.
Certificates with Invalid Dates - Server certificates have a certain validity period, for example Jan. 01, 2000 to Dec. 31, 2002. Checking one or both of these options allows you to accept certificates even if they are not valid yet, e.g. the starting date of the validity period is still in the future, or if they have expired at some time in the past.
Invalid Certificates - Check the Accept Invalid Certificates if the certificate is invalid for any reason other than the date or signature. This will bypass the certificate check completely.
Use Client Certificate - Some hosts require the client to send a certificate for authentication purposes. If your host supports/requires client authorization, you can check this box and select a client certificate to use.
Client Certificate - Select the client certificate to present to the server if required. The presented certificates will be chosen from the Windows certificate store.
**New in 5.0** - SECURE ONLY - Enhanced Certificate Viewer - When choosing a Certificate on the Security section of the Session Options dialog, you will now be presented with an Windows OS specific certificate chooser. This provides more information making it easier to choose from multiple similar certificates.