Difference: APPXClientEncryption (1 vs. 27)

Revision 272016-02-11 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 7 to 7
 

Overview

Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher. The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server. The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients. The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection. If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher. The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server. The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients. The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection. If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client Handshake

When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake". The handshake exchanges version and configuration information between the APPX Desktop Client and the APPX Login Manager. This information is used to determine whether the connection should use enable SSL encryption or use "clear text".

Line: 24 to 24
 
  • APPX Desktop Client Preferences - SSL:
Changed:
<
<
SSLPreferences.PNG
>
>
SSLPreferences.PNG
 

SSLMode

The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establish - either SSL or "clear text". Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

Revision 262012-04-05 - BredaHennessy

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 27 to 27
 SSLPreferences.PNG

SSLMode

Changed:
<
<
The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establis - either SSL or "clear text". Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.
>
>
The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establish - either SSL or "clear text". Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.
 
  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server. In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available. The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
  2. Optional - This option is similar to the Required option. However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user. The SSLMismatchAllowed preference is not relevant when this option is specified. Note that not all pre 5.0 servers support this option. If you have trouble connecting and you are connecting to a pre 5.0 sever, you should use the 'Disabled' option below. Most pre 5.0 Windows servers (appxdsvc) do not support this option.
Line: 52 to 52
 This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager. If the specified amount of time passes without establishing an SSL connection, then the connect request will fail. This option is not relevant when the value of SSLMode is "disabled".
  1. An integer 0 through 10, with the default being 3.
Changed:
<
<

APPX Login Manager Prameters - SSL

>
>

APPX Login Manager Parameters - SSL

  Please refer to the APPX Login Manager on the Release 5 features page for information relating to SSL server configuration options.

Revision 252010-11-11 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 39 to 39
 
  1. False - An SSL connection is only allowed if the server has a signed certificate.

SSLMismatchAllowed

Changed:
<
<
This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available. If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling. For example, if SSLMode is set to Required but the server does not allow
>
>
This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available. If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established. True, the user is given the option of continuing with a different type of connection or cancelling. For example, if SSLMode is set to Required but the server does not allow SSL connections:
 
  1. True - If the requested type of connection, either SSL or "clear text", is not available, the user is provided an option to continue with the type of connection that is available.
  2. False - If the requested type of connection, either SSL or "clear text", is not available, the connection attempt fails.

SSLSelfSignedAllowed

Revision 242009-12-18 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 30 to 30
 The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establis - either SSL or "clear text". Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server. In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available. The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
Changed:
<
<
  1. Optional - This option is similar to the Required option. However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user. The SSLMismatchAllowed preference is not relevant when this option is specified.
  2. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection. In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server. In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed. The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection.
>
>
  1. Optional - This option is similar to the Required option. However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user. The SSLMismatchAllowed preference is not relevant when this option is specified. Note that not all pre 5.0 servers support this option. If you have trouble connecting and you are connecting to a pre 5.0 sever, you should use the 'Disabled' option below. Most pre 5.0 Windows servers (appxdsvc) do not support this option.
  2. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection. In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server. In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed. The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection. You may also have to use this option when connecting with pre 5.0 servers if the client hangs when attempting the connection.
 

SSLAnonAllowed

This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte.

Revision 232009-12-08 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 49 to 49
 
  1. False - The connection is not allowed

SSLHandshakeTimeout

Changed:
<
<
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager. If the specified amount of time passes without establishing an SSL connection, then the connect request will fail. This option is not relevant when the value of SSLMode is "Pre43".
>
>
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager. If the specified amount of time passes without establishing an SSL connection, then the connect request will fail. This option is not relevant when the value of SSLMode is "disabled".
 
  1. An integer 0 through 10, with the default being 3.

APPX Login Manager Prameters - SSL

Revision 222009-12-08 - JeanNeron

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Deleted:
<
<
 

APPX Desktop Client Encryption

Added:
>
>
 Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions.

Line: 7 to 7
 

Overview

Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection.  If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher. The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server. The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients. The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection. If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client Handshake

Changed:
<
<
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake exchanges version and configuration information between the APPX Desktop Client and the APPX Login Manager.  This information is used to determine whether the connection should use enable SSL encryption or use "clear text".
>
>
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake". The handshake exchanges version and configuration information between the APPX Desktop Client and the APPX Login Manager. This information is used to determine whether the connection should use enable SSL encryption or use "clear text".
 
Changed:
<
<
APPX Desktop Client versions prior to 5.0 are not able to connect using SSL.  If you want to use SSL, you must upgrade your APPX Desktop Client to version 5.0 or higher.  You must also upgrade your server to APPX Server version 5.0 or higher.  The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured.  The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.
>
>
APPX Desktop Client versions prior to 5.0 are not able to connect using SSL. If you want to use SSL, you must upgrade your APPX Desktop Client to version 5.0 or higher. You must also upgrade your server to APPX Server version 5.0 or higher. The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server. Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured. The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.
 
Changed:
<
<
Client/APPX Versions APPX-Prior to 5.0  APPX-5.0 & Higher
>
>
Client/APPX Versions APPX-Prior to 5.0 APPX-5.0 & Higher
 
Client - Prior to 5.0 Clear Text Only Clear Text Only
Changed:
<
<
Client - 5.0 & Higher Clear Text Only Clear Text or SSL
>
>
Client - 5.0 & Higher Clear Text Only Clear Text or SSL
 
Changed:
<
<

APPX Desktop Client Preferences - SSL 

>
>

APPX Desktop Client Preferences - SSL

 
Changed:
<
<
The APPX Desktop Client provides five preferences (parameters) relating to configuring the APPX Desktop Client  to use SSL encryption.
>
>
The APPX Desktop Client provides five preferences (parameters) relating to configuring the APPX Desktop Client to use SSL encryption.
 
Changed:
<
<
 
  • APPX Desktop Client Preferences - SSL:
>
>
  • APPX Desktop Client Preferences - SSL:
 
Changed:
<
<
SSLPreferences.PNG
>
>
SSLPreferences.PNG
 

SSLMode

Changed:
<
<
The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establis - either SSL or "clear text".  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.
>
>
The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establis - either SSL or "clear text". Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.
 
Changed:
<
<
 
  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
  2. Optional - This option is similar to the Required option.  However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user.  The SSLMismatchAllowed preference is not relevant when this option is specified.
  3. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection.  In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed.  The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection. 
  4. Pre43 - This option is used to specify that the Pre-5.0 Handshake protocol is to be used to initiate a "clear text" APPX Desktop Client connection with an APPX Server.  If a "clear text" connection cannot be established within 5 seconds, the connection attempt will fail.  This option is compatible with all versions of the APPX Login Manager including older versions such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.  Since this option can only establish a "clear text" connection, the other SSL perferences are not relevant when this option is specified.
>
>
  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server. In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available. The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
  2. Optional - This option is similar to the Required option. However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user. The SSLMismatchAllowed preference is not relevant when this option is specified.
  3. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection. In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server. In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed. The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection.
 

SSLAnonAllowed

This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte.

Changed:
<
<
  1. True - An SSL connection is allowed whether or not the server has a signed certificate. 
>
>
  1. True - An SSL connection is allowed whether or not the server has a signed certificate.
 
  1. False - An SSL connection is only allowed if the server has a signed certificate.

SSLMismatchAllowed

Changed:
<
<
This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available.  If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if  SSLMode is set to Required but the server does not allow
  1. True - If the requested type of connection, either SSL or "clear text", is not available, the user is provided an option to continue with the type of connection that is available.
>
>
This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available. If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling. For example, if SSLMode is set to Required but the server does not allow
  1. True - If the requested type of connection, either SSL or "clear text", is not available, the user is provided an option to continue with the type of connection that is available.
 
  1. False - If the requested type of connection, either SSL or "clear text", is not available, the connection attempt fails.

SSLSelfSignedAllowed

Changed:
<
<
This preference determines whether or not the APPX Desktop Client is allowed to establish an SSL connection with an APPX Server that has a self-signed SSL certificate.
>
>
This preference determines whether or not the APPX Desktop Client is allowed to establish an SSL connection with an APPX Server that has a self-signed SSL certificate.
 
  1. True - The connection is allowed
  2. False - The connection is not allowed

SSLHandshakeTimeout

Changed:
<
<
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This option is not relevant when the value of SSLMode is "Pre43".
>
>
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager. If the specified amount of time passes without establishing an SSL connection, then the connect request will fail. This option is not relevant when the value of SSLMode is "Pre43".
 
  1. An integer 0 through 10, with the default being 3.
Changed:
<
<

APPX Login Manager Prameters - SSL

>
>

APPX Login Manager Prameters - SSL

 
Changed:
<
<
Please refer to the  APPX Login Manager for information relating to SSL server configuration options.
>
>
Please refer to the APPX Login Manager on the Release 5 features page for information relating to SSL server configuration options.
 

Limitations:

  1. The APPX Desktop Client has not yet implemented the feature that will allow a certificate on the client to be provided to the APPX Server.
Line: 68 to 66
 Read what other users have said about this page or add your own comments.
Changed:
<
<
SSLMode - The option value should be changed from Pre43 to be NoSSL or PreSSL
>
>
SSLMode - The option value should be changed from Pre43 to be NoSSL or PreSSL
  -- SteveFrizzell - 19 Sep 2008
<--/commentPlugin-->

-- AlKalter - 04 Apr 2008

Deleted:
<
<
 
META FILEATTACHMENT attachment="SSLPreferences.PNG" attr="h" comment="APPX Desktop Client Preferences - SSL" date="1221857776" name="SSLPreferences.PNG" path="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" size="16976" stream="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" user="Main.SteveFrizzell" version="1"

Revision 212008-09-25 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 59 to 59
  Please refer to the  APPX Login Manager for information relating to SSL server configuration options.
Changed:
<
<

Known Limitations

>
>

Limitations:

 
  1. The APPX Desktop Client has not yet implemented the feature that will allow a certificate on the client to be provided to the APPX Server.
Added:
>
>

Enhancement Suggestions:

None yet.

 

Comments:

Read what other users have said about this page or add your own comments.

Revision 202008-09-22 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 73 to 73
 
Changed:
<
<
META FILEATTACHMENT attachment="SSLPreferences.PNG" attr="" comment="APPX Desktop Client Preferences - SSL" date="1221857776" name="SSLPreferences.PNG" path="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" size="16976" stream="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" user="Main.SteveFrizzell" version="1"
>
>
META FILEATTACHMENT attachment="SSLPreferences.PNG" attr="h" comment="APPX Desktop Client Preferences - SSL" date="1221857776" name="SSLPreferences.PNG" path="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" size="16976" stream="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" user="Main.SteveFrizzell" version="1"

Revision 192008-09-19 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Added:
>
>
 

APPX Desktop Client Encryption

Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions.
Line: 17 to 18
 
Client - Prior to 5.0 Clear Text Only Clear Text Only
Client - 5.0 & Higher Clear Text Only Clear Text or SSL
Changed:
<
<

APPX Desktop Client SSL Preferences

>
>

APPX Desktop Client Preferences - SSL 

The APPX Desktop Client provides five preferences (parameters) relating to configuring the APPX Desktop Client  to use SSL encryption.

 

  • APPX Desktop Client Preferences - SSL:
 
Changed:
<
<
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.
>
>
SSLPreferences.PNG
 

SSLMode

Added:
>
>
The SSLMode preference is used to identify the type of connection that the APPX Desktop Client should attempt to establis - either SSL or "clear text".  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

 

 
  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
  2. Optional - This option is similar to the Required option.  However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user.  The SSLMismatchAllowed preference is not relevant when this option is specified.
  3. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection.  In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed.  The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection. 
Line: 32 to 42
 
  1. False - An SSL connection is only allowed if the server has a signed certificate.

SSLMismatchAllowed

Changed:
<
<
This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available.  If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if SSLMode is set to Required but the server does not allow
>
>
This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available.  If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if  SSLMode is set to Required but the server does not allow
 
  1. True - If the requested type of connection, either SSL or "clear text", is not available, the user is provided an option to continue with the type of connection that is available.
  2. False - If the requested type of connection, either SSL or "clear text", is not available, the connection attempt fails.

SSLSelfSignedAllowed

Line: 42 to 52
 
  1. False - The connection is not allowed

SSLHandshakeTimeout

Changed:
<
<
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This option is not relevant when the value of SSLMode is "Pre43".
>
>
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This option is not relevant when the value of SSLMode is "Pre43".
 
  1. An integer 0 through 10, with the default being 3.
Changed:
<
<

APPX Connection Manager SSL parameters.

>
>

APPX Login Manager Prameters - SSL

 
Changed:
<
<
Please refer to the  APPX Login Manager for server configuration options relating to SSL.
>
>
Please refer to the  APPX Login Manager for information relating to SSL server configuration options.
 
Changed:
<
<

Suggested Behavior:

  1. A field or two need to be added to the AppxDesktopClient SSL configuration parameters that would work with the AppxLoginMgr 's field named RequireSSLClientCertificates.
>
>

Known Limitations

  1. The APPX Desktop Client has not yet implemented the feature that will allow a certificate on the client to be provided to the APPX Server.
 

Comments:

Read what other users have said about this page or add your own comments.
Changed:
<
<
<--/commentPlugin-->
>
>
SSLMode - The option value should be changed from Pre43 to be NoSSL or PreSSL

-- SteveFrizzell - 19 Sep 2008

<--/commentPlugin-->
  -- AlKalter - 04 Apr 2008
Added:
>
>

META FILEATTACHMENT attachment="SSLPreferences.PNG" attr="" comment="APPX Desktop Client Preferences - SSL" date="1221857776" name="SSLPreferences.PNG" path="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" size="16976" stream="C:\Documents and Settings\steve\Desktop\SSLPreferences.PNG" user="Main.SteveFrizzell" version="1"

Revision 182008-09-19 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions.
Line: 6 to 6
 

Overview

Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection.  If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection.  If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client Handshake

When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake exchanges version and configuration information between the APPX Desktop Client and the APPX Login Manager.  This information is used to determine whether the connection should use enable SSL encryption or use "clear text".

Line: 19 to 19
 

APPX Desktop Client SSL Preferences

Changed:
<
<
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

SSLMode

>
>
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

SSLMode

 
  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
  2. Optional - This option is similar to the Required option.  However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user.  The SSLMismatchAllowed preference is not relevant when this option is specified.
  3. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection.  In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed.  The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection. 
  4. Pre43 - This option is used to specify that the Pre-5.0 Handshake protocol is to be used to initiate a "clear text" APPX Desktop Client connection with an APPX Server.  If a "clear text" connection cannot be established within 5 seconds, the connection attempt will fail.  This option is compatible with all versions of the APPX Login Manager including older versions such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.  Since this option can only establish a "clear text" connection, the other SSL perferences are not relevant when this option is specified.
Changed:
<
<

SSLAnonAllowed

>
>

SSLAnonAllowed

  This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte.
  1. True - An SSL connection is allowed whether or not the server has a signed certificate. 
Line: 35 to 35
 This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available.  If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if SSLMode is set to Required but the server does not allow
  1. True - If the requested type of connection, either SSL or "clear text", is not available, the user is provided an option to continue with the type of connection that is available.
  2. False - If the requested type of connection, either SSL or "clear text", is not available, the connection attempt fails.
Changed:
<
<

SSLSelfSignedAllowed

>
>

SSLSelfSignedAllowed

  This preference determines whether or not the APPX Desktop Client is allowed to establish an SSL connection with an APPX Server that has a self-signed SSL certificate.
  1. True - The connection is allowed
  2. False - The connection is not allowed
Changed:
<
<

SSLHandshakeTimeout

>
>

SSLHandshakeTimeout

  This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This option is not relevant when the value of SSLMode is "Pre43".
  1. An integer 0 through 10, with the default being 3.

APPX Connection Manager SSL parameters.

Changed:
<
<
Please refer to the  APPX Login Manager for server configuration options relating to SSL.
>
>
Please refer to the  APPX Login Manager for server configuration options relating to SSL.
 

Suggested Behavior:

  1. A field or two need to be added to the AppxDesktopClient SSL configuration parameters that would work with the AppxLoginMgr 's field named RequireSSLClientCertificates.

Revision 172008-09-19 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Deleted:
<
<
 

APPX Desktop Client Encryption

Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions.
Line: 7 to 6
 

Overview

Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection.  If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client Handshake

Changed:
<
<
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake exchanges version and configuration information to determine whether or not the connection is able to use SSL and whether or not the connection should use SSL.
>
>
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake exchanges version and configuration information between the APPX Desktop Client and the APPX Login Manager.  This information is used to determine whether the connection should use enable SSL encryption or use "clear text".
  APPX Desktop Client versions prior to 5.0 are not able to connect using SSL.  If you want to use SSL, you must upgrade your APPX Desktop Client to version 5.0 or higher.  You must also upgrade your server to APPX Server version 5.0 or higher.  The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured.  The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.
Line: 22 to 21
  The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

SSLMode

Changed:
<
<
  1. Required - When this option is specified, the APPX Desktop Client will attempt to establish an SSL connection with the APPX Login Manager on the APPX server.  If the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is configured to not allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  In this case, the user has the option of cancelling the connection request or allowing the connection to proceed without enabling SSL encryption.
  2. Optional - This option is similar to the Required option.  However, in the event that an SSL connection cannot be established, the client will automatically connect without enabling SSL and without notifying the user.
  3. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection.  In other words, this option is used to specify that a "clear text" connection is desired.  The APPX Desktop Client will first attempt to complete a 5.0 Handshake.  If an appropriate response is not received within the specified SSLHandshakeTimeout, then the client will attempt to complete a Pre-5.0 Handshake.  In the event that the 5.0 Handshake is completed, the client will request a "clear text" session from the APPX Login Manager.  If a "clear text" session is not allowed, then, if SSLMismatchAllowed is set to True, the client will establish an SSL connection.  If SSLMismatchAllowed is set to False, the client will display an Error Dialog asking the user for permission to connect with SSL instead of "clear text".  
  4. Pre43 - This option is used to specify that the Pre-5.0 Handshake protocol is to be used to initiate a "clear text" APPX Desktop Client connection with an APPX Server.  If a "clear text" connection cannot be established within 5 seconds, the connection attempt will fail.  This option is compatible with all versions of the APPX Login Manager including older versions such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.

SSLAnonAllowed

>
>
  1. Required - This option is used to "Require" that the APPX Desktop Client establish an SSL connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is not configured to allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  The value of SSLMismatchAllowed will determine if the user is provided with an option to continue with a "clear text" connection.
  2. Optional - This option is similar to the Required option.  However, in the event that the APPX Server does not support or is not configured to support an SSL connection, the client will automatically establish a "clear text" connection without notifying the user.  The SSLMismatchAllowed preference is not relevant when this option is specified.
  3. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection.  In other words, this option is used to "require" that the APPX Desktop Client establish a "clear text" connection with the APPX Login Manager on the APPX Server.  In the event that the APPX Login Manager is not configured to allow a "clear text" connection, the client will display an error dialog informing the user that a "clear text" connection with the requested APPX Server is not allowed.  The value of SSLMismatchAllowed will determine if the user if provided with an option to continue with an SSL connection. 
  4. Pre43 - This option is used to specify that the Pre-5.0 Handshake protocol is to be used to initiate a "clear text" APPX Desktop Client connection with an APPX Server.  If a "clear text" connection cannot be established within 5 seconds, the connection attempt will fail.  This option is compatible with all versions of the APPX Login Manager including older versions such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.  Since this option can only establish a "clear text" connection, the other SSL perferences are not relevant when this option is specified.

SSLAnonAllowed

  This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte.
Changed:
<
<
  1. True - The connection is allowed
  2. False - The connection is not allowed

SSLMismatchAllowed

>
>
  1. True - An SSL connection is allowed whether or not the server has a signed certificate. 
  2. False - An SSL connection is only allowed if the server has a signed certificate.

SSLMismatchAllowed

This preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available.  If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if SSLMode is set to Required but the server does not allow

  1. True - If the requested type of connection, either SSL or "clear text", is not available, the user is provided an option to continue with the type of connection that is available.
  2. False - If the requested type of connection, either SSL or "clear text", is not available, the connection attempt fails.

SSLSelfSignedAllowed

 
Changed:
<
<
If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if SSLMode is set to Required but the server does not allow
  1. True
  2. False

SSLSelfSignedAllowed

This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that has a self-signed SSL certificate.

>
>
This preference determines whether or not the APPX Desktop Client is allowed to establish an SSL connection with an APPX Server that has a self-signed SSL certificate.
 
  1. True - The connection is allowed
  2. False - The connection is not allowed
Changed:
<
<

SSLHandshakeTimeout

>
>

SSLHandshakeTimeout

 
Changed:
<
<
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This handshake timeout only applies when the client is attempting to
>
>
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This option is not relevant when the value of SSLMode is "Pre43".
 
  1. An integer 0 through 10, with the default being 3.

APPX Connection Manager SSL parameters.

Changed:
<
<

RequireSSL - Not Implemented. Do not Use.

  1. true
  2. false

RequireSSLClientCertificates

  1. True - Connecting clients must have client side SSL certificates.
  2. False - This is the default option. Connecting clients do not need to have client side SSL certificates.

ServerCertificateFile - This is the server's SSL public certificate

  1. The pathname of server's X509 certificate (leave blank for anonymous connections). An example is ServerCertificateFile =/usr/local/appx/tools/tubes.internal.appx.com.crt

ServerPrivateKeyFile - This is the server's SSL private server key

  1. Pathname of server's private key file (unlocks the ServerCertificateFile). An example is ServerPrivateKeyFile =/usr/local/appx/tools/tubes.internal.appx.com.private.key

ServerPrivateKeyPassphrase

  1. Passphrase that unlocks ServerPrivateKeyFile

SSLMode

  1. Enabled #SSL connection type (optional, required, disabled)
  2. Disabled
  3. Optional

TrustedCAFile = #determines which client certificates to trust

How to create a server's SSL private server key and server's SSL public certificate from the Unix/Linux command line with the openssl tool.

Create new private/public-keys without passphrase for server

*openssl genrsa -out tubes.internal.appx.com.private.key 1024*

Create server's SSL public certificate

*openssl req -new         -days 365         -key tubes.internal.appx.com.private.key         -x509         -out tubes.internal.appx.com.crt*
>
>
Please refer to the  APPX Login Manager for server configuration options relating to SSL.
 

Suggested Behavior:

  1. A field or two need to be added to the AppxDesktopClient SSL configuration parameters that would work with the AppxLoginMgr 's field named RequireSSLClientCertificates.

Revision 162008-09-18 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 24 to 24
 

SSLMode

  1. Required - When this option is specified, the APPX Desktop Client will attempt to establish an SSL connection with the APPX Login Manager on the APPX server.  If the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is configured to not allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  In this case, the user has the option of cancelling the connection request or allowing the connection to proceed without enabling SSL encryption.
  2. Optional - This option is similar to the Required option.  However, in the event that an SSL connection cannot be established, the client will automatically connect without enabling SSL and without notifying the user.
Changed:
<
<
  1. Disabled - This option is used to specify that a "clear text" connection is desired.  allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
>
>
  1. Disabled - This option is used to "Disable" the APPX Desktop Client's ability to establish an SSL connection.  In other words, this option is used to specify that a "clear text" connection is desired.  The APPX Desktop Client will first attempt to complete a 5.0 Handshake.  If an appropriate response is not received within the specified SSLHandshakeTimeout, then the client will attempt to complete a Pre-5.0 Handshake.  In the event that the 5.0 Handshake is completed, the client will request a "clear text" session from the APPX Login Manager.  If a "clear text" session is not allowed, then, if SSLMismatchAllowed is set to True, the client will establish an SSL connection.  If SSLMismatchAllowed is set to False, the client will display an Error Dialog asking the user for permission to connect with SSL instead of "clear text".  
 
  1. Pre43 - This option is used to specify that the Pre-5.0 Handshake protocol is to be used to initiate a "clear text" APPX Desktop Client connection with an APPX Server.  If a "clear text" connection cannot be established within 5 seconds, the connection attempt will fail.  This option is compatible with all versions of the APPX Login Manager including older versions such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.

SSLAnonAllowed

Revision 152008-09-18 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 10 to 10
 Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].

APPX Desktop Client Handshake

Changed:
<
<
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake determines whether or not the connection is able to use SSL.
>
>
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake exchanges version and configuration information to determine whether or not the connection is able to use SSL and whether or not the connection should use SSL.
  APPX Desktop Client versions prior to 5.0 are not able to connect using SSL.  If you want to use SSL, you must upgrade your APPX Desktop Client to version 5.0 or higher.  You must also upgrade your server to APPX Server version 5.0 or higher.  The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured.  The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.
Line: 24 to 24
 

SSLMode

  1. Required - When this option is specified, the APPX Desktop Client will attempt to establish an SSL connection with the APPX Login Manager on the APPX server.  If the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is configured to not allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  In this case, the user has the option of cancelling the connection request or allowing the connection to proceed without enabling SSL encryption.
  2. Optional - This option is similar to the Required option.  However, in the event that an SSL connection cannot be established, the client will automatically connect without enabling SSL and without notifying the user.
Changed:
<
<
  1. Disabled - No SSL connections allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  2. Pre43 - Do not perform any SSL notification to the target server. This can speed up connections to older builds of APPX Connection managers, such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.
>
>
  1. Disabled - This option is used to specify that a "clear text" connection is desired.  allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  2. Pre43 - This option is used to specify that the Pre-5.0 Handshake protocol is to be used to initiate a "clear text" APPX Desktop Client connection with an APPX Server.  If a "clear text" connection cannot be established within 5 seconds, the connection attempt will fail.  This option is compatible with all versions of the APPX Login Manager including older versions such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.
 

SSLAnonAllowed

This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte.

Line: 33 to 33
 
  1. False - The connection is not allowed

SSLMismatchAllowed

Changed:
<
<
This preference determines whether or not the APPX Desktop Client
>
>
If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling.  For example, if SSLMode is set to Required but the server does not allow
 
  1. True
  2. False

SSLSelfSignedAllowed

Revision 142008-09-18 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 10 to 10
 Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].

APPX Desktop Client Handshake

Changed:
<
<
When the APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake tells the APPX Desktop Client whether or not the APPX Login Manager can accept an encrypted login request from the APPX Desktop Client.
>
>
When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake determines whether or not the connection is able to use SSL.
 
Changed:
<
<
Versions 5.0 and higher of the APPX Desktop Client support two different types of handshakes:
  • Pre-5.0 Handshake - Used to establish a "clear text" client session with versions of APPX Server prior to 5.0.0.
  • 5.0 Handshake - Used to establish an encrypted SSL client session with version 5.0.0 or higher of APPX Server.

Versions of the APPX Desktop Client prior to 5 support only the Pre-5.0 Handshake Protocol.

The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured.  The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.

>
>
APPX Desktop Client versions prior to 5.0 are not able to connect using SSL.  If you want to use SSL, you must upgrade your APPX Desktop Client to version 5.0 or higher.  You must also upgrade your server to APPX Server version 5.0 or higher.  The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured.  The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.
 
Client/APPX Versions APPX-Prior to 5.0  APPX-5.0 & Higher
Client - Prior to 5.0 Clear Text Only Clear Text Only

Revision 132008-09-18 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions.

Added:
>
>

Overview

  Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].

APPX Desktop Client Handshake

Revision 122008-09-17 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 6 to 6
 
Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client Handshake

Changed:
<
<
When the APPX Desktop Client attempts to establish a connection with the APPX Login Manager, the first step is to complete a "handshake".
>
>
When the APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake".  The handshake tells the APPX Desktop Client whether or not the APPX Login Manager can accept an encrypted login request from the APPX Desktop Client.
 
Changed:
<
<
Versions 5.0 and higher of the APPX Desktop Client support two different handshake protocols
  • Pre-5.0 Handshake - Used by all APPX Desktop Client versions prior to Version 5.0.0 to initiate a connection with a version 5 APPX Login Manager.  This is the only handshake protocol that can be used by APPX Desktop Client versions prior to version 5.0.0.  APPX Desktop Client versions prior to version 5.0 can only establish "clear text" connections with the
  • 5.0 Handshake - Used by all APPX Desktop Client versions starting with Version 5.0.0 to initiate a connection with a version 5 APPX Login Manager.
>
>
Versions 5.0 and higher of the APPX Desktop Client support two different types of handshakes:
  • Pre-5.0 Handshake - Used to establish a "clear text" client session with versions of APPX Server prior to 5.0.0.
  • 5.0 Handshake - Used to establish an encrypted SSL client session with version 5.0.0 or higher of APPX Server.
  Versions of the APPX Desktop Client prior to 5 support only the Pre-5.0 Handshake Protocol.
Changed:
<
<
The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for a client version prior to 5.0 to connect to an APPX version of 5.0 or higher, this combination is not recommended or supported since we do not guarantee upward compatibility of old client versions with newer APPX Server versions.
>
>
The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured.  The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established.
 
Client/APPX Versions APPX-Prior to 5.0  APPX-5.0 & Higher
Client - Prior to 5.0 Clear Text Only Clear Text Only

Revision 112008-09-17 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 7 to 7
 

Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].

Added:
>
>

APPX Desktop Client Handshake

 
Changed:
<
<

APPX Desktop Client SSL Preferences

The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

>
>
When the APPX Desktop Client attempts to establish a connection with the APPX Login Manager, the first step is to complete a "handshake".
 
Changed:
<
<
The APPX Desktop Client has two different handshake protocols.
>
>
Versions 5.0 and higher of the APPX Desktop Client support two different handshake protocols
 
  • Pre-5.0 Handshake - Used by all APPX Desktop Client versions prior to Version 5.0.0 to initiate a connection with a version 5 APPX Login Manager.  This is the only handshake protocol that can be used by APPX Desktop Client versions prior to version 5.0.0.  APPX Desktop Client versions prior to version 5.0 can only establish "clear text" connections with the
  • 5.0 Handshake - Used by all APPX Desktop Client versions starting with Version 5.0.0 to initiate a connection with a version 5 APPX Login Manager.
Added:
>
>
Versions of the APPX Desktop Client prior to 5 support only the Pre-5.0 Handshake Protocol.
 The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for a client version prior to 5.0 to connect to an APPX version of 5.0 or higher, this combination is not recommended or supported since we do not guarantee upward compatibility of old client versions with newer APPX Server versions.

Client/APPX Versions APPX-Prior to 5.0  APPX-5.0 & Higher
Changed:
<
<
Client - Prior to 5.0 Text Only Text Only
Client - 5.0 & Higher Text Only Text or SSL
>
>
Client - Prior to 5.0 Clear Text Only Clear Text Only
Client - 5.0 & Higher Clear Text Only Clear Text or SSL

APPX Desktop Client SSL Preferences

The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

 

SSLMode

  1. Required - When this option is specified, the APPX Desktop Client will attempt to establish an SSL connection with the APPX Login Manager on the APPX server.  If the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is configured to not allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  In this case, the user has the option of cancelling the connection request or allowing the connection to proceed without enabling SSL encryption.
  2. Optional - This option is similar to the Required option.  However, in the event that an SSL connection cannot be established, the client will automatically connect without enabling SSL and without notifying the user.

Revision 102008-09-17 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Changed:
<
<
Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for APPX Desktop Client sessions.
>
>
Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions.
 
Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client SSL Preferences

Changed:
<
<
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests. 
>
>
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests.  Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.

The APPX Desktop Client has two different handshake protocols.

  • Pre-5.0 Handshake - Used by all APPX Desktop Client versions prior to Version 5.0.0 to initiate a connection with a version 5 APPX Login Manager.  This is the only handshake protocol that can be used by APPX Desktop Client versions prior to version 5.0.0.  APPX Desktop Client versions prior to version 5.0 can only establish "clear text" connections with the
  • 5.0 Handshake - Used by all APPX Desktop Client versions starting with Version 5.0.0 to initiate a connection with a version 5 APPX Login Manager.

The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server.  Please note that while it is technically possible for a client version prior to 5.0 to connect to an APPX version of 5.0 or higher, this combination is not recommended or supported since we do not guarantee upward compatibility of old client versions with newer APPX Server versions.

Client/APPX Versions APPX-Prior to 5.0  APPX-5.0 & Higher
Client - Prior to 5.0 Text Only Text Only
Client - 5.0 & Higher Text Only Text or SSL
 

SSLMode

  1. Required - When this option is specified, the APPX Desktop Client will attempt to establish an SSL connection with the APPX Login Manager on the APPX server.  If the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is configured to not allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  In this case, the user has the option of cancelling the connection request or allowing the connection to proceed without enabling SSL encryption.
  2. Optional - This option is similar to the Required option.  However, in the event that an SSL connection cannot be established, the client will automatically connect without enabling SSL and without notifying the user.
Line: 18 to 28
 
  1. Pre43 - Do not perform any SSL notification to the target server. This can speed up connections to older builds of APPX Connection managers, such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.

SSLAnonAllowed

Changed:
<
<
This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have a signed SSL certificate.
>
>
This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte.
 
  1. True - The connection is allowed
  2. False - The connection is not allowed

SSLMismatchAllowed

Line: 33 to 43
 
  1. False - The connection is not allowed

SSLHandshakeTimeout

Changed:
<
<
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the SSLMode preference will determine what additional action, if any, takes place.
>
>
This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the connect request will fail.  This handshake timeout only applies when the client is attempting to
 
  1. An integer 0 through 10, with the default being 3.

APPX Connection Manager SSL parameters.

Revision 92008-09-17 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 6 to 6
 
Changed:
<
<
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server includes login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that has been properly configured to accept SSL connection requests from clients.  The APPX Login Manager may require that the APPX Desktop Client enable SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [How is this done???].
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that has been properly configured to accept SSL connection requests from the various types of APPX clients.  The APPX Login Manager may be configured to require that the APPX Desktop Client must use SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client].
 

APPX Desktop Client SSL Preferences

Revision 82008-09-16 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Desktop Client Encryption

Line: 6 to 6
 
Changed:
<
<
Release 5.0.0 of the APPX Desktop Client allows SSL encryption to optionally be enabled for APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server includes login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that has been properly configured to accept SSL connection requests from clients.  The APPX Login Manager may require that the APPX Desktop Client enable SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate.
  1.  

  2. Provide a self signed SSL server certificate
  3. Provide a trusted SSL certificate from an official SSL CA such as Verisign, Thawte, Digicert, Geotrust....
>
>
Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server includes login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that has been properly configured to accept SSL connection requests from clients.  The APPX Login Manager may require that the APPX Desktop Client enable SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [How is this done???].
 

APPX Desktop Client SSL Preferences

Revision 72008-09-16 - SteveFrizzell

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"
Deleted:
<
<

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.
 
Changed:
<
<
>
>

APPX Desktop Client Encryption

Effective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for APPX Desktop Client sessions.
 
Changed:
<
<
The APPX Connection Manager, and APPX Desktop Client by default will encrypt the data stream with SSL encryption. This datastream includes login ID, password, and all session data. You may optionally:
>
>
 
Changed:
<
<
  1. Disable Encryption
>
>
Release 5.0.0 of the APPX Desktop Client allows SSL encryption to optionally be enabled for APPX Desktop Client sessions connecting to APPX 5.0.0 or higher.  The APPX SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server includes login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server.  The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Login Manager that has been properly configured to accept SSL connection requests from clients.  The APPX Login Manager may require that the APPX Desktop Client enable SSL encryption.  Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate.
  1.  

 
  1. Provide a self signed SSL server certificate
  2. Provide a trusted SSL certificate from an official SSL CA such as Verisign, Thawte, Digicert, Geotrust....
Deleted:
<
<
  1. Require that any connecting client have a SSL certificate.

Lets review the configuration options available in the APPX Desktop Client, followed by the options in the APPX Connection Manager.

 
Changed:
<
<

APPX Desktop Client parameters available for SSL datastream encryption.

Upon initial startup of the APPX Desktop Client, just prior to logging in, there are three tabs available, Local, Remote, and Options. Select Options, and then click the Advanced button. You should now see four many options available broken up into sections, one of which is labeled [SSL]. In the SSL section are five options.
>
>

APPX Desktop Client SSL Preferences

 
Added:
>
>
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests. 
 

SSLMode

Changed:
<
<
  1. Required - Non SSL connections are not allowed. Only SSL encrypted connections are permitted. If you are connecting to a 4.2.a or earlier build of APPX Connection Manager that does not support SSL encryption, or you connect to a 4.3 APPX Connection Manager that has SSL disabled, then upon connection, you will be presented with a notification that SSL is not available. This notification will enable you to continue unencrypted or to terminate the connection.
  2. Optional - If both parties support SSL connection, then SSL connect, else fall back to non encrypted connection. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  3. Disabled - No SSL connections allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  4. Pre43 - Do not perform any SSL notification to the target server. This can speed up connections to older builds of APPX Connection managers, such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.
>
>
  1. Required - When this option is specified, the APPX Desktop Client will attempt to establish an SSL connection with the APPX Login Manager on the APPX server.  If the APPX Login Manager is an older version that does not support SSL connections or if the APPX Login Manager is configured to not allow SSL connections, the client will display an error dialog informing the user that an SSL connection with the requested APPX server is not available.  In this case, the user has the option of cancelling the connection request or allowing the connection to proceed without enabling SSL encryption.
  2. Optional - This option is similar to the Required option.  However, in the event that an SSL connection cannot be established, the client will automatically connect without enabling SSL and without notifying the user.
  3. Disabled - No SSL connections allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  4. Pre43 - Do not perform any SSL notification to the target server. This can speed up connections to older builds of APPX Connection managers, such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.
 

SSLAnonAllowed

Changed:
<
<
  1. True -
  2. False -
>
>
This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have a signed SSL certificate.
  1. True - The connection is allowed
  2. False - The connection is not allowed
 

SSLMismatchAllowed

Changed:
<
<
  1. True -
  2. False -

SSLSelfSignedAllowed -

  1. True -
  2. False -

SSLHandshakeTimeout -

>
>
This preference determines whether or not the APPX Desktop Client
  1. True
  2. False

SSLSelfSignedAllowed

This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that has a self-signed SSL certificate.

  1. True - The connection is allowed
  2. False - The connection is not allowed

SSLHandshakeTimeout

This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager.  If the specified amount of time passes without establishing an SSL connection, then the SSLMode preference will determine what additional action, if any, takes place.

 
  1. An integer 0 through 10, with the default being 3.

APPX Connection Manager SSL parameters.

RequireSSL - Not Implemented. Do not Use.

Changed:
<
<
  1. true
  2. false
>
>
  1. true
  2. false
 

RequireSSLClientCertificates

Changed:
<
<
  1. True - Connecting clients must have client side SSL certificates.
  2. False- This is the default option. Connecting clients do not need to have client side SSL certificates.
>
>
  1. True - Connecting clients must have client side SSL certificates.
  2. False - This is the default option. Connecting clients do not need to have client side SSL certificates.
 

ServerCertificateFile - This is the server's SSL public certificate

  1. The pathname of server's X509 certificate (leave blank for anonymous connections). An example is ServerCertificateFile=/usr/local/appx/tools/tubes.internal.appx.com.crt

ServerPrivateKeyFile - This is the server's SSL private server key

Line: 55 to 60
 

How to create a server's SSL private server key and server's SSL public certificate from the Unix/Linux command line with the openssl tool.

Create new private/public-keys without passphrase for server


Changed:
<
<
openssl genrsa -out tubes.internal.appx.com.private.key 1024
>
>
openssl genrsa -out tubes.internal.appx.com.private.key 1024
 

Create server's SSL public certificate


Changed:
<
<
openssl req -new -days 365 -key tubes.internal.appx.com.private.key -x509 -out tubes.internal.appx.com.crt
>
>
openssl req -new -days 365 -key tubes.internal.appx.com.private.key -x509 -out tubes.internal.appx.com.crt
 

Suggested Behavior:

Revision 62008-09-15 - SteveFrizzell

Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="APPX43Features"
>
>
META TOPICPARENT name="APPX500Features"
 

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.

Revision 52008-06-30 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.
Line: 62 to 62
 openssl req -new -days 365 -key tubes.internal.appx.com.private.key -x509 -out tubes.internal.appx.com.crt
Changed:
<
<
>
>

Suggested Behavior:

  1. A field or two need to be added to the AppxDesktopClient SSL configuration parameters that would work with the AppxLoginMgr's field named RequireSSLClientCertificates.
 

Comments:

Read what other users have said about this page or add your own comments.

Revision 42008-06-27 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.
Line: 52 to 52
 
  1. Disabled
  2. Optional

TrustedCAFile = #determines which client certificates to trust

Added:
>
>

How to create a server's SSL private server key and server's SSL public certificate from the Unix/Linux command line with the openssl tool.

Create new private/public-keys without passphrase for server

openssl genrsa -out tubes.internal.appx.com.private.key 1024

Create server's SSL public certificate

openssl req -new         -days 365         -key tubes.internal.appx.com.private.key         -x509         -out tubes.internal.appx.com.crt 
 

Comments:

Revision 32008-06-26 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.
Line: 14 to 14
  Lets review the configuration options available in the APPX Desktop Client, followed by the options in the APPX Connection Manager.
Added:
>
>

APPX Desktop Client parameters available for SSL datastream encryption.

Upon initial startup of the APPX Desktop Client, just prior to logging in, there are three tabs available, Local, Remote, and Options. Select Options, and then click the Advanced button. You should now see four many options available broken up into sections, one of which is labeled [SSL]. In the SSL section are five options.

SSLMode

  1. Required - Non SSL connections are not allowed. Only SSL encrypted connections are permitted. If you are connecting to a 4.2.a or earlier build of APPX Connection Manager that does not support SSL encryption, or you connect to a 4.3 APPX Connection Manager that has SSL disabled, then upon connection, you will be presented with a notification that SSL is not available. This notification will enable you to continue unencrypted or to terminate the connection.
  2. Optional - If both parties support SSL connection, then SSL connect, else fall back to non encrypted connection. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  3. Disabled - No SSL connections allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
  4. Pre43 - Do not perform any SSL notification to the target server. This can speed up connections to older builds of APPX Connection managers, such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.

SSLAnonAllowed

  1. True -
  2. False -

SSLMismatchAllowed

  1. True -
  2. False -

SSLSelfSignedAllowed -

  1. True -
  2. False -

SSLHandshakeTimeout -

  1. An integer 0 through 10, with the default being 3.

APPX Connection Manager SSL parameters.

RequireSSL - Not Implemented. Do not Use.

  1. true
  2. false

RequireSSLClientCertificates

  1. True - Connecting clients must have client side SSL certificates.
  2. False- This is the default option. Connecting clients do not need to have client side SSL certificates.

ServerCertificateFile - This is the server's SSL public certificate

  1. The pathname of server's X509 certificate (leave blank for anonymous connections). An example is ServerCertificateFile=/usr/local/appx/tools/tubes.internal.appx.com.crt

ServerPrivateKeyFile - This is the server's SSL private server key

  1. Pathname of server's private key file (unlocks the ServerCertificateFile). An example is ServerPrivateKeyFile=/usr/local/appx/tools/tubes.internal.appx.com.private.key

ServerPrivateKeyPassphrase

  1. Passphrase that unlocks ServerPrivateKeyFile

SSLMode

  1. Enabled #SSL connection type (optional, required, disabled)
  2. Disabled
  3. Optional

TrustedCAFile = #determines which client certificates to trust

 

Comments:

Read what other users have said about this page or add your own comments.

Revision 22008-06-25 - JoeOrtagus

Line: 1 to 1
 
META TOPICPARENT name="APPX43Features"

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.
Added:
>
>

The APPX Connection Manager, and APPX Desktop Client by default will encrypt the data stream with SSL encryption. This datastream includes login ID, password, and all session data. You may optionally:

  1. Disable Encryption
  2. Provide a self signed SSL server certificate
  3. Provide a trusted SSL certificate from an official SSL CA such as Verisign, Thawte, Digicert, Geotrust....
  4. Require that any connecting client have a SSL certificate.

Lets review the configuration options available in the APPX Desktop Client, followed by the options in the APPX Connection Manager.

 

Comments:

Read what other users have said about this page or add your own comments.

Revision 12008-04-04 - AlKalter

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="APPX43Features"

APPX Client Encryption

APPX now includes the ability to encrypt login data, session data, and file transfers.

Comments:

Read what other users have said about this page or add your own comments.
<--/commentPlugin-->

-- AlKalter - 04 Apr 2008

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback