
TLS/SSL support on the TELNET server


You will find a general overview of TLS/SSL in the interNet Services User Guide.

Because the term TLS has been in use for quite some time and the versions of the SSL/TLS protocol named 'SSL' are no longer supported, the interNet Services guides mostly use TLS instead of TLS/SSL. 'SSL' remains only in option names and the like.

TLS support on the TELNET server offers a wide range of setting options. You can make these settings as follows:


Parameterization of TLS support on the TELNET server

Below you will find an overview of the possible settings for TLS support on the TELNET server using the options. The individual options correspond to equivalent parameters in the SET-FTP-TELNET-PARAMETERS command.

The following options are available for setting parameters for TLS support on the TELNET server:

  • START-TLS option (-Z tls-required, see "-Z tls-required")

    This option allows you to control TLS support on the TELNET server. A raft of additional options (-Z options) is provided here (see the table on "TLS/SSL support on the TELNET server"). Provisions for authentication are negotiated by TLS to free TELNET of this load.

  • AUTHENTICATION option (-B, see "-B option - Enable/disable the AUTHENTICATION option")

    You use this option to negotiate the provisions for authentication. In BS2000 the AUTHENTICATION option is currently only implemented for TLS.

    You can control TLS support on the TELNET server using the AUTHENTICATION option implemented for TLS. To do this you use the same -Z options as in the START-TLS option (see the table on "TLS/SSL support on the TELNET server").

  • ENCRYPTION option (-H, see "-H option - Enable/disable the ENCRYPTION option")

    You use this option to negotiate the encryption method and the key used. In TELNET, currently only the DES64 variants DES_CFB64 and DES_OFB64 are supported.

The START-TLS option and AUTHENTICATION option may not be enabled simultaneously. The following table lists the options with which you can control TLS support on the TELNET server in conjunction with the START-TLS / AUTHENTICATION option.

| Option | Description |
|---|---|
| -Z Protocol | Choose TLS protocol versions selectively |
| -Z CipherSuite | Specify cipher suite preference list |
| -Z RSACertificateFile | Specify file which contains the RSA-based X.509 server certificate in PEM format |
| -Z RSAKeyFile | Specify file which contains the private RSA server key in PEM format |
| -Z DSACertificateFile | Specify file which contains the DSA-based X.509 server certificate in PEM format |
| -Z DSAKeyFile | Specify file which contains the private DSA server key in PEM format |
| -Z CertificateChainFile | Specify file in which all the certificates required for verification of the server certificate can be stored |
| -Z CACertificateFile | Specify file which contains the certificates required for authentication of the TELNET client in PEM format |
| -Z AcceptableClientCAFile | Specify file from which the names of the CAs that the server accepts as signatories of client certificates can be obtained |
| -Z CARevocationFile | Specify file which contains the CRLs of the CAs |
| -Z VerifyClient | Define whether the TELNET client must provide a certificate for server access |
| -Z VerifyDepth | Define verification depth |
| -Z RandFile | Specify file from which the data for initializing the PRNG is read when the server is started |
| -Z OpenSSLlibName | Define the LMS file from which the OpenSSL library should be dynamically loaded |