Show Contents / Index / Search

SSL/TLS Tab (Security Properties Dialog Box)

Getting there (Reflection)

Getting there (FTP Client)

The Secure Sockets Layer protocol (SSL) and its compatible successor, the Transport Layer Security protocol (TLS), enable a client and server to establish a secure, encrypted connection over a public network. When you connect using SSL/TLS, the client authenticates the server before making a connection, and all data passed between Reflection and the server is encrypted. Depending on the server configuration, the server may also authenticate the client.

The options are:


Use SSL/TLS Security

Enables SSL/TLS connections. You must select this before you can set other values on the SSL/TLS tab. When Use SSL/TLS security is selected, Reflection will only connect to the host if a secure SSL/TLS connection can be established.

Before making an SSL/TLS connection, Reflection must authenticate the host. Authentication is handled through the use of digital certificates. These certificates are part of the same Public Key Infrastructure (PKI) that is used to secure internet transactions. Your computer must be configured to recognize the digital certificate presented by your host and, if necessary, to provide a certificate for client authentication. If your computer is not properly configured, or if the certificates presented for authentication are not valid, you will not be able to make SSL/TLS connections. Depending on how a host certificate was issued, you may need to install a certificate on your local computer.


Configure PKI

Opens the PKI Configuration dialog box, which you can use to configure PKI settings for Reflection SSL/TLS sessions.


Encryption Strength

Specify the desired level of encryption for SSL/TLS connections. The connection will fail if this level cannot be provided.

If you select Default, any encryption level is permitted, and Reflection will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. If you are running in FIPS mode and select Default, Reflection will negotiate using only FIPS compliant encryption levels.


SSL/TLS version

Specifies which SSL or TLS version to use. TLS Version 1.0 is the newer protocol and is used by default.


Retrieve and validate certificate chain

Specifies whether certificates presented for host authentication are checked to determine if they are valid and signed by a trusted CA.

Caution: Clearing this setting creates a security risk by allowing host authentication with unvalidated certificates.


Note:Certificate validation is required when SSL/TLS version is set to TLS Version 1.0 (the newer protocol and the default). To clear this setting (which disables certificate validation), you must set SSL/TLS version to SSL Version 3.0.

Reflection Security Proxy Server Settings

When Use Reflection security proxy is enabled, Reflection connects to your host via the Reflection for the Web security proxy. You can use this proxy to configure secure connections even if your host is not running an SSL/TLS-enabled Telnet server. To support such connections, you must install and configure the proxy server and provide a server certificate on all workstations that will be connecting through the server. Use Security Proxy to specify the host running the Reflection for the Web security proxy. Use Proxy port to specify the port that the Reflection proxy server is listening on.


  • When the security proxy is used, the connection between the client and the proxy server is secured and encrypted using the SSL/TLS protocol, but information sent between the proxy server and the destination is in the clear.
  • If you configure sessions that connect through a Reflection for the Web proxy server with authorization enabled, users must log onto the Reflection for the Web server before they can connect using these sessions.

Related Topics

Which Protocols Can I Use?

Digital Certificates in SSL/TLS Sessions