What Are My Security Options?

Use the following table to determine which security options and protocols are available for each type of session in EXTRA! 9.3 SP1 and later.

Session

Available Security Protocols

 

Encryption

FIPS 140-2*

Certificates†

Authentication Tokens‡

End-to-End Encryption‡

ID Mgmt ‡

3270

 

SSL 3.0

No

Yes

Yes

Yes§

Yes

TLS 1.2

No

Yes

Yes

Yes

Yes

TLS 1.0

Yes

Yes

Yes

Yes

Yes

5250

 

SSL 3.0

 

No

Yes

Yes

NA

Yes

TLS 1.2

No

Yes

Yes

NA

Yes

TLS 1.0

Yes

Yes

Yes

NA

Yes

VT - Telnet

 

SSL 3.0

No

Yes

Yes

NA

Yes

TLS 1.2

No

Yes

Yes

NA

Yes

TLS 1.0

Yes

Yes

Yes

NA

Yes

VT - SSH

SSH

Yes

Yes

No

NA

Yes

HP 6530

 

No

Yes

No

NA

Yes

* FIPS 140-2 mode allows the following configurations:

  • TLS 1.0 connections using 3DES (168-bit) or AES (128-bit) encryption and SHA-1 hash
  • Secure Shell connections using 3DES (168-bit) or AES (128, 192, or 256-bit) encryption and SHA-1 hash

Supported certificates include self-signed certificates and those issued by a Certificate Authority (CA). To use certificates successfully, you must know how they are handled for your server. For more information, see Authenticating with Certificates in EXTRA!.

Requires installation of Reflection Security Gateway and configuration of the Reflection Security Proxy.

§ End-to-end encryption allows IBM mainframe emulation sessions to combine Express Logon and the user authorization feature of Reflection Security Gateway.

|| SHA256 values are only supported via client and server certificates.