Use the following table to determine which security options and protocols are available for each type of session in Extra! 9.3 SP1 and later.
Session |
Available Security Protocols |
|||||
---|---|---|---|---|---|---|
|
Encryption |
FIPS 140-2* |
Certificates† |
Authentication Tokens‡ |
End-to-End Encryption‡ |
ID Mgmt ‡ |
|
No |
Yes |
Yes |
Yes§ |
Yes |
|
No |
Yes |
Yes |
Yes |
Yes |
||
Yes |
Yes |
Yes |
Yes |
Yes |
||
|
No |
Yes |
Yes |
NA |
Yes |
|
No |
Yes |
Yes |
NA |
Yes |
||
Yes |
Yes |
Yes |
NA |
Yes |
||
|
No |
Yes |
Yes |
NA |
Yes |
|
No |
Yes |
Yes |
NA |
Yes |
||
Yes |
Yes |
Yes |
NA |
Yes |
||
|
Yes |
Yes |
No |
NA |
Yes |
|
|
|
No |
Yes |
No |
NA |
Yes |
* FIPS 140-2 mode allows the following configurations:
TLS 1.0 and TLS 1.2 connections using 3DES (168-bit) or AES (128-bit) encryption and SHA-1 hash
Secure Shell connections using 3DES (168-bit) or AES (128, 192, or 256-bit) encryption and SHA-1 hash
† Supported certificates include self-signed certificates and those issued by a Certificate Authority (CA). To use certificates successfully, you must know how they are handled for your server. For more information, see Authenticating with Certificates in Extra!.
‡ Requires installation of Management and Security Server and configuration of the Reflection Security Proxy.
§ End-to-end encryption allows IBM mainframe emulation sessions to combine Express Logon and the user authorization feature of Management and Security Server.
|| SHA256 values are only supported via client and server certificates.