Secure Sockets Layer (SSL)
BlueZone provides additional security features beyond those supplied through the network operating systems (NOS) or the native host security systems. The primary security function is a full implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protocols that provides privacy, authentication, and message integrity. When used in conjunction with the BlueZone Security Server, BlueZone provides RSA SecurID Authentication and NT Domain Authentication. The iSeries also provides password encryption through the TN5250E server, referred to as the Encrypted Substitute Password feature, which BlueZone also supports.
SSL v3, TLS v1, TLS v1.1 and TLS v1.2 are the current Internet standards to insure privacy, message integrity, and authentication. This standardization ensures that BlueZone emulation clients work with any SSL/TLS enabled Telnet server including OS/390, z/OS, IBM CSNT, Novell NWSAA, and OS/400. If an SSL or TLS enabled Telnet server is not available, the Security Server can SSL enable any Telnet server.
BlueZone Mainframe Display and Printer emulators, and the iSeries Display and Printer emulators support both Implicit SSL/TLS and Explicit SSL/TLS encryption. The SSL/TLS feature can be implemented in BlueZone on a connection-by-connection basis during the configuration process. BlueZone can also be distributed preconfigured with the encryption settings, eliminating user intervention in the installation and configuration process.
Refer to SSL/TLS configuration for the Telnet server being used for additional information. If the Security Server is being used, see the BlueZone Security Server Administrator's Guide for more information.
Refer to the BlueZone Display and Printer User's Guide for more information about configuring the Implicit SSL/TLS and Explicit SSL/TLS encryption feature in the Session Configuration.
