Session security

Z and I Emulator for Web Version 2.0 uses the TLS protocol to provide security for emulator and FTP sessions.

The TLS protocol provides communications privacy across a TCP/IP network. TLS is designed to prevent eavesdropping, message tampering, or message forgery. TLS also provides a framework that allows new cryptographic algorithms to be incorporated easily. Z and I Emulator for Web supports encryption of emulation and FTP sessions and server/client authentication according to TLS Protocol Version 1.0.

Support is provided for the following:

  • RSA type-4 data encryption on connections between the Z and I Emulator for Web clients and Telnet or FTP servers that support TLS version 1.0, 1.1, or 1.2.
  • X.509 certificates.
  • Bulk encryption algorithms using keys up to 168 bits in length.
  • Authentication algorithms using keys up to 2048 bits in length.
  • Server and client authentication.
  • Support for storage and use of client certificates on the client system.
  • Optional prompting of user for client certificate when requested by server.
  • Secure session indicators. A lock icon is displayed on the session status bar to indicate to the user that the session is secure. The encryption strength, for example, 64, 128, or 256, is also displayed next to the lock icon and when the mouse hovers over the lock icon.

To support TLS services, Z and I Emulator for Web uses six databases:

ServerKeyStore.jks
The Redirector can be configured to use Java Secure Socket Extension (JSSE). When configured with JSSE, the Redirector reads the private key and certificates from ServerKeyStore.jks. Refer to "The Redirector" for more information.

CustomizedCAs.class
The CustomizedCAs.class file is a Java class file that contains the certificates of unknown CAs and self-signed certificates that are not in the WellKnownTrusted list. If you use a self-signed certificate or a certificate from an unknown certificate authority (CA), you need to update the CustomizedCAs.class file. However, you can no longer create or update the CustomizedCAs.class file using the Certificate Management utility on Windows or AIX platforms.

WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks
WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks are files supplied by Z and I Emulator for Web that contain the public certificates of all the CAs that Z and I Emulator for Web trusts. You should not modify these files.

WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks and/or CustomizedCAs.class and CustomizedCAs.jks must be present in the Z and I Emulator for Web publish directory. The Z and I Emulator for Web client uses these files to trust the server's certificate during the TLS handshake.

CustomizedCAs.jks
You can create a CustomizedCAs.jks file by using any open source key and certificate management utility, or by using the keytool.exe command-line tool, the Java Key and Certificate Management Tool that is available in the JRE.
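
One way to carry out the keytool step described above, as an added example that is not part of the product documentation: it checks the certificate's SHA-256 fingerprint against a value obtained out of band before importing it into CustomizedCAs.jks as a trusted entry. The function names, alias, file paths, and store password are assumptions; the password shown is a placeholder, not a product default.

```bash
#!/usr/bin/env bash
# Added example, not product code: add one CA or self-signed server
# certificate to CustomizedCAs.jks with the JRE keytool.
# Assumed/hypothetical: function names, alias, file paths, placeholder password.

# keytool reads the password from this variable (-storepass:env), which keeps
# it off the command line. The value is a placeholder, not a product default.
export STOREPASS="${STOREPASS:-placeholder-pass}"

# Print the SHA-256 fingerprint of a certificate file (empty if unreadable).
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# add_trusted_ca CERT_FILE ALIAS EXPECTED_SHA256 [KEYSTORE]
add_trusted_ca() {
    local cert="$1" name="$2" ks="${4:-CustomizedCAs.jks}" expected fp
    expected="$(printf '%s' "$3" | tr 'a-f' 'A-F')"
    fp="$(cert_fingerprint "$cert")"
    if [ -z "$fp" ]; then
        echo "not a readable X.509 certificate: $cert" >&2; return 2
    fi
    # -noprompt (below) skips keytool's interactive "trust this certificate?"
    # question, so compare against the fingerprint obtained out of band here.
    if [ "$fp" != "$expected" ]; then
        echo "fingerprint mismatch: file has $fp" >&2; return 3
    fi
    # An existing alias may belong to a different CA; report it, do not replace.
    if keytool -list -alias "$name" -keystore "$ks" -storetype JKS \
            -storepass:env STOREPASS >/dev/null 2>&1; then
        echo "alias already present in $ks: $name" >&2; return 4
    fi
    # Creates the keystore if it does not exist yet.
    keytool -importcert -noprompt -trustcacerts -file "$cert" -alias "$name" \
        -keystore "$ks" -storetype JKS -storepass:env STOREPASS \
        >/dev/null 2>&1 || return 5
    # Confirm the new entry is a trust anchor, not a private-key entry.
    keytool -list -alias "$name" -keystore "$ks" -storetype JKS \
        -storepass:env STOREPASS 2>/dev/null | grep -q trustedCertEntry || return 6
    echo "$fp"
}

# Stand-alone use: add_ca.sh CERT_FILE ALIAS EXPECTED_SHA256 [KEYSTORE]
if [ "$#" -ge 3 ]; then add_trusted_ca "$@"; fi
```

The resulting CustomizedCAs.jks then goes in the Z and I Emulator for Web publish directory, where the client reads it during the TLS handshake.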