Information Center

Telnet-negotiated security overview

The Telnet-negotiated setting determines if the Transport Layer Security (TLS) negotiation between the client and the server is done on the established Telnet connection or on a TLS connection prior to Telnet negotiations. You can configure Telnet-negotiated security for Z and I Emulator for Web 3270 display and printer sessions. Telnet-negotiated security is an extension to Telnet that enables TLS to be negotiated over a Telnet connection. Telnet-negotiated security supports the TLS Protocol Version 1.0. This protocol allows security negotiation from TLS 1.0 to SSL 3.0 for servers that do not support TLS 1.0.

You can configure Telnet-negotiated security in the session configuration properties on the server or on the client workstation. There is a Telnet-negotiated radio button that is not selectable until Enable Security is set to Yes. If Enable Security and Telnet-negotiated are both set to Yes, a TLS connection is negotiated after the normal Telnet connection is established. However, the 3270 session will not start until the TLS negotiation completes successfully. If the server does not support TLS-based Telnet Security, the session will not start, and an error message will be issued.

If Enable Security is set to Yes and Telnet-negotiated is set to No, TLS negotiations are done on a TLS connection with the server.  The default setting is No because few Telnet servers support TLS-based Telnet Security. (IBM Communications Server version 2 release 10 is an example of a Telnet server that supports TLS-based Telnet Security.)

If Enable Security is set to Yes and Telnet-negotiated is set to Yes, then Enable Security is set back to No and  Telnet-negotiated is no longer selectable. The session has no security, even though Telnet-negotiated is still set to Yes because Telnet-negotiated security requires Enable Security to be first set to Yes. To set Telnet-negotiated back to No you must first set Enable Security to Yes so that Telnet-negotiated is again selectable.

If Enable Security is set to No and the server requests a TLS-based Telnet Security session from the client, the Z and I Emulator for Web client cannot start a TLS-based Telnet Security session.  An error message is then issued.

Related topic: