Session security

Z and I Emulator for Web Version 2.0 uses the TLS protocol to provide security for emulator and FTP sessions.

The TLS protocol provides communications privacy across a TCP/IP network. TLS is designed to prevent eavesdropping, message tampering, or message forgery. TLS also provides a framework that allows new cryptographic algorithms to be incorporated easily. Z and I Emulator for Web supports encryption of emulation and FTP sessions and server/client authentication according to TLS Protocol Version 1.0.

Support is provided for the following:

  • RSA type-4 data encryption on connections between the Z and I Emulator for Web clients and Telnet or FTP servers that support TLS versions 1.0, 1.1, and 1.2.
  • X.509 certificates.
  • Bulk encryption algorithms using keys up to 168 bits in length.
  • Authentication algorithms using keys up to 2048 bits in length.
  • Server and client authentication.
  • Support for storage and use of client certificates on the client system.
  • Optional prompting of user for client certificate when requested by server.
  • Secure session indicators. A lock icon is displayed on the session status bar to indicate to the user that the session is secure. The encryption strength, for example, 64, 128, or 256, is also displayed next to the lock icon and when the mouse hovers over the lock icon.

To support TLS services, Z and I Emulator for Web uses six databases:

ServerKeyStore.jks

The Redirector can be configured to use Java Secure Socket Extension (JSSE). When configured with JSSE, the Redirector reads the private key and certificates from ServerKeyStore.jks. Refer to "The Redirector" for more information.

CustomizedCAs.class

CustomizedCAs.class is a Java class file that contains the certificates of unknown CAs and self-signed certificates that are not in the WellKnownTrusted list. If you use a self-signed certificate or a certificate from an unknown certificate authority (CA), you need to update the CustomizedCAs.class file. Note, however, that you can no longer create or update the CustomizedCAs.class file using the Certificate Management utility on Windows or AIX platforms.

WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks

WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks are the files supplied by Z and I Emulator for Web that contain the public certificates of all the CAs that Z and I Emulator for Web trusts. You should not modify these files.

WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks and/or CustomizedCAs.class and CustomizedCAs.jks must be present in the Z and I Emulator for Web publish directory. The Z and I Emulator for Web client uses these files to trust the server's certificate during the TLS handshake.

CustomizedCAs.jks

You can create a CustomizedCAs.jks file by using any open source key and certificate management utility or the keytool.exe command-line tool, the Java Key and Certificate Management Tool available in the JRE.
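The keytool route described above, as an added example that is not part of the product documentation: it exports only the public certificate of a self-signed server key pair, imports it into a new CustomizedCAs.jks, and checks that the file destined for the publish directory holds trusted certificates and no private key. The store password, aliases, host name, the stand-in server keystore and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: all names, the password and the host name are constructed placeholders.
STOREPASS="changeit-placeholder"

# Stand-in for the server's self-signed key pair (in production it lives in ServerKeyStore.jks).
make_demo_server_keystore() {   # $1 = keystore path
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -dname "CN=zie.example.test" -validity 30 \
        -keystore "$1" -storetype JKS \
        -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1
}

# Export only the public certificate and import it as a trusted entry.
build_customized_cas() {        # $1 = server keystore, $2 = CustomizedCAs.jks to create
    pem="$(dirname "$2")/server-cert.pem"
    keytool -exportcert -rfc -alias server -keystore "$1" -storetype JKS \
        -storepass "$STOREPASS" -file "$pem" >/dev/null 2>&1 || return 1
    keytool -importcert -noprompt -alias zie-server -file "$pem" \
        -keystore "$2" -storetype JKS -storepass "$STOREPASS" >/dev/null 2>&1
}

# Count keystore entries of one type (trustedCertEntry or PrivateKeyEntry).
count_entries() {               # $1 = keystore, $2 = entry type
    keytool -J-Duser.language=en -list -keystore "$1" -storetype JKS \
        -storepass "$STOREPASS" 2>/dev/null | grep -c "$2"
}

# A store served from the publish directory must hold certificates only.
is_publishable() {              # $1 = keystore
    [ "$(count_entries "$1" PrivateKeyEntry)" -eq 0 ] &&
        [ "$(count_entries "$1" trustedCertEntry)" -ge 1 ]
}

# Demo in a scratch directory; skipped when keytool is not on PATH.
if command -v keytool >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_demo_server_keystore "$work/server.jks"
    build_customized_cas "$work/server.jks" "$work/CustomizedCAs.jks"
    is_publishable "$work/CustomizedCAs.jks" &&
        echo "CustomizedCAs.jks: trusted certificates only"
    is_publishable "$work/server.jks" ||
        echo "server.jks: contains a private key, not for the publish directory"
    rm -rf "$work"
fi
```

Running the same `is_publishable` check against every .jks file in the publish directory before deployment catches a server keystore copied there by mistake.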