Re: Telnet SSL question -- MIDRANGE-L

Hello,

Anyway, I guess my question is do I need to secure the client side?

You don't _have_ to do. The question is whether you want the added security of client authentication. In my experience, 90% of SSL telnet installations do NOT use client certificates.

That is, can I just do what I've done above, allow the Telnet server
to start both secure and non-secure and then control which users use
SSL by the relevant configuration setting on the 5250 session

The "secure and non-secure" is not related to client-side certificates. It's talking about SSL connections vs. non-SSL connections.

If you allow non-secure connects, then users with no SSL at all will be able to connect. Anything they send over the wire may be viewed by sniffing the Internet connection. Is that what you want? Personally, I only allow non-SSL from the local network. Remote users must use SSL (or a VPN, or SSH)

or do I also have to secure the QIBM_QTV_TELNET_CLIENT side with the
certificate and generate a user certificate?

Err... are you using the telnet client? (The TELNET or STRTCPTELN command). If so, do you want it to be secured?

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.