The Client Security tab specifies the Security parameters associated with the Client TCP Port on which Security Server is listening for client connections. This is the "client" side of the secure connection. In other words, connections between the Security Server and the Client (BlueZone) will be secure.
Security ---
Client Security Level ---
The Client Security Level radio buttons set the Secure Sockets Layer version level to be negotiated.
Non-Secured is a clear text connection without any encryption. Connections configured as Non-Secured display a lightning bolt icon in the tree view adjacent to the connection name.
Secured w/ SSL v3 selects version 3 of the Secure Sockets Layer protocol. It will NOT accept client requests from SSL V2 or TLS V1 clients.
Secured w/ TLS v1 selects version 1 of the Transport Layer Security protocol. It is compatible with SSL V2 and SSL V3, and is the default.
Use AUTH TLS-P should be enabled if your FTP Host requires this command (used with IBM Mainframe FTP servers).
Encryption Strength ---
The Encryption Strength radio buttons set the available cipher suites required for client connections.
Export Ciphers Only restricts connections to SSL-enabled clients that support the less secure, 40-bit exportable cipher suite.
All Ciphers allows any SSL-enabled client to connect regardless of the cipher strength.
Strong Ciphers Only restricts connections to SSL-enabled clients capable of 128-bit encryption or greater. This is the recommended setting.
Authentication Method ---
The Authentication Method radio buttons select the third-party authentication system to use.
None disables third-party authentication.
Win/NT Domain enables standard Windows Domain Authentication. To use an existing Domain controller, the Security Server must have network access to the PDC. Alternatively, a local user list may be created on the NT Server hosting the SEAGULL Security Server.
SDI SecurID enables RSA/Security Dynamics Ace Server support for token authentication. When enabled, users will be prompted for their SecurID passcode when they attempt to connect to the SEAGULL Security Server. All SecurID passcode functions are supported.
Blockade enables authentication through the Blockade Enterprise Security Server using Userid/Password or any supported token authentication. The Configure button displays the Blockade Authentication Server dialog.
IP Address: Enter the IP address of the Blockade ESS.
Secret Key: Enter the Secret Key to access the ESS.
Max Connection Attempts: Sets the number of retries allowed using an invalid userid or password.
Connection Timeout: Sets the timeout within which the ESS must respond with user authentication information.
Client Certificates ---
The Client Certificates check boxes enable the server to request a client certificate during the SSL negotiation.
Use Client Certificates configures Security Server to request a Client Certificate during the SSL negotiation. If a valid client certificate is not provided by the client, the connection will be terminated.
Match CN to Userid configures the Security Server to match the Common Name on the Client Certificate with the User ID used with third-party authentication specified in the Authentication Method radio buttons.
Match CN to Reference Cert configures the Security Server to match the Client Certificate presented by the user to a reference copy stored on the server.
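What the two matching options check, sketched in Python as an added example (this is not Security Server's code, and the product's actual comparison rules are not documented on this page). The certificate dictionary uses the layout returned by Python's ssl.SSLSocket.getpeercert(); the function names, the case-insensitive user ID comparison, the byte-for-byte reference comparison and the sample data are assumptions.

```python
import hashlib
import hmac

# Constructed samples in the layout of ssl.SSLSocket.getpeercert(): a tuple of
# RDNs, each RDN a tuple of (attribute, value) pairs.
CERT_ALICE = {"subject": ((("organizationName", "Example Corp"),),
                          (("commonName", "alice"),))}
CERT_TWO_CNS = {"subject": ((("commonName", "alice"),),
                            (("commonName", "administrator"),))}


def common_names(peercert):
    """Collect every commonName value from the certificate subject."""
    return [value
            for rdn in (peercert or {}).get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def cn_matches_userid(peercert, userid):
    """Illustrates "Match CN to Userid": the CN must equal the signon user ID."""
    names = common_names(peercert)
    # A subject with zero or several CNs is ambiguous, so it is rejected
    # instead of accepting whichever CN happens to match.
    if len(names) != 1 or not userid:
        return False
    # Assumption: user IDs compare case-insensitively; whitespace is not trimmed.
    return names[0].casefold() == userid.casefold()


def matches_reference(presented_der, reference_der):
    """Illustrates "Match CN to Reference Cert" as a whole-certificate comparison."""
    if not presented_der or not reference_der:
        return False
    # Assumption: the stored copy must be byte-identical to the presented
    # certificate, so a reissued certificate with the same CN does not match.
    presented = hashlib.sha256(presented_der).digest()
    reference = hashlib.sha256(reference_der).digest()
    return hmac.compare_digest(presented, reference)


if __name__ == "__main__":
    print(cn_matches_userid(CERT_ALICE, "Alice"))
    print(cn_matches_userid(CERT_TWO_CNS, "alice"))
    print(matches_reference(b"constructed-der-bytes", b"constructed-der-bytes"))
```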
The Maximum number of allowed signon attempts: edit box specifies the maximum number of user authentication attempts.
The Server Certificate: drop down box allows you to choose the particular Server Certificate that you want to associate with this Connection.