With the -H option you can enable and disable support of the ENCRYPTION option, which is used to negotiate the encryption method and the key used. Currently only variants DES_CFB64 and DES_OFB64 of DES64 are supported in TELNET.
As single DES with 56 bit key length doesn't provide anymore a sufficiently protection one should not use this option anymore, but always use encryption via TLS (-Z option).
The -H option may not be specified at the same time as the option -Z tls-required (see "-Z tls-required") or -B on (see "-B option - Enable/disable the AUTHENTICATION option"). If it is, the following error message is issued:
error: SSL and encryption opton
Only encryption routines from the OpenSSL library are used. If an OpenSSL library with a name different from the default file name (SYSLNK.TCP-IP-AP.nnn) is to be used, you can specify this using the -Z OpenSSLlibName option (see "-Z OpenSSLlibName").
-H |
{on | off | debug | key={<c-string 1..8> | <x-string 1..16>} |
on
The ENCRYPTION option is supported.
off
The ENCRYPTION option is not supported.
debug
The encryption trace is enabled.
key={<c-string 1..8> | <x-string 1..16>}
Encryption key for DES
- Note that no distinction is made between the key for encryption and the key for decryption. The TELNET client and TELNET server use the same key. In the case of the TELNET server this means that this key applies for all TELNET clients.
- When
-H onis specified, the specification-H key=... is always required, otherwise the following error message is issued:Error: Encryption on and no Encryption Key!