Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Deleted: | ||||||||
< < | ||||||||
APPX Desktop Client EncryptionEffective with Release 5.0.0, the APPX Desktop Client includes an option to enable SSL encryption for "Remote" APPX Desktop Client sessions. | ||||||||
Line: 7 to 6 | ||||||||
Overview | ||||||||
Changed: | ||||||||
< < | Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher. The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server. The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients. The APPX Login Manager on the APPX Server may be configured to require that the APPX Desktop Client must use SSL encryption. Furthermore, the APPX Login Manager may require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client]. | |||||||
> > | Release 5.0.0 or higher of the APPX Desktop Client allows SSL encryption to optionally be enabled for "Remote" APPX Desktop Client sessions when connecting to APPX Server 5.0.0 or higher. The APPX Desktop Client SSL encryption feature encrypts all data transmitted between the APPX Desktop Client and the APPX Server including login ID, password, all session data, all reports printed by the client, and all files transferred between the client and the server. The APPX Desktop Client can only establish an encrypted SSL connection with an APPX Server that has an APPX Login Manager that supports and that has been properly configured to accept SSL connection requests from the various types of APPX clients. The APPX Login Manager on the APPX Server may be configured to either require that an APPX Desktop Client that is requesting a connection must use SSL encryption, to only use SSL encryption if so requested by the APPX Desktop Client that is requesting a connection, or to only accept "clear text" connections from an APPX Desktop Client that is requesting a connection. If an SSL session is initiated, the APPX Login Manager may further require that the APPX Desktop Client identify itself by providing an acceptable SSL certificate [Note: This feature is not yet implemented by the APPX Desktop Client]. | |||||||
APPX Desktop Client Handshake | ||||||||
Changed: | ||||||||
< < | When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake". The handshake exchanges version and configuration information to determine whether or not the connection is able to use SSL and whether or not the connection should use SSL. | |||||||
> > | When an APPX Desktop Client connects with an APPX Login Manager to establish a client session with an APPX Server, the first step is to complete a "handshake". The handshake exchanges version and configuration information between the APPX Desktop Client and the APPX Login Manager. This information is used to determine whether the connection should use enable SSL encryption or use "clear text". | |||||||
APPX Desktop Client versions prior to 5.0 are not able to connect using SSL. If you want to use SSL, you must upgrade your APPX Desktop Client to version 5.0 or higher. You must also upgrade your server to APPX Server version 5.0 or higher. The following chart shows the types of connections that are technically possible for the various combinations of versions of the APPX Desktop Client and APPX Server. Please note that while it is technically possible for an APPX Desktop Client version prior to 5.0 to connect to an APPX Server version of 5.0 or higher, this combination is not recommended or supported since upward compatibility of old APPX Desktop Client versions with newer APPX Server versions is not assured. The APPX Desktop Client version should always be the same or higher than the APPX Server version with which a session is to be established. | ||||||||
Line: 22 to 21 | ||||||||
The APPX Desktop Client provides five preferences (parameters) relating to SSL connection requests. Depending on the value specified for SSLMode, the other SSL preferences may not always be relevant.
SSLMode | ||||||||
Changed: | ||||||||
< < |
SSLAnonAllowed | |||||||
> > |
SSLAnonAllowed | |||||||
This preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that does not have an SSL certificate signed by a trusted authority such as Verisign or Thawte. | ||||||||
Changed: | ||||||||
< < |
SSLMismatchAllowed | |||||||
> > |
SSLMismatchAllowedThis preference determines whether or not the user is provided with an option to continue in the event that the required connection type is not available. If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling. For example, if SSLMode is set to Required but the server does not allow
SSLSelfSignedAllowed | |||||||
Changed: | ||||||||
< < | If set to False, the user will be presented with an Error Dialog Window in the event that the requested type of connection cannot be established.False, the user is given the option of continuing with a different type of connection or cancelling. For example, if SSLMode is set to Required but the server does not allow
SSLSelfSignedAllowedThis preference determines whether or not the APPX Desktop Client is allowed to connect to an APPX Server that has a self-signed SSL certificate. | |||||||
> > | This preference determines whether or not the APPX Desktop Client is allowed to establish an SSL connection with an APPX Server that has a self-signed SSL certificate. | |||||||
| ||||||||
Changed: | ||||||||
< < | SSLHandshakeTimeout | |||||||
> > | SSLHandshakeTimeout | |||||||
Changed: | ||||||||
< < | This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager. If the specified amount of time passes without establishing an SSL connection, then the connect request will fail. This handshake timeout only applies when the client is attempting to | |||||||
> > | This preference specifies the length of time in seconds that the client is to wait after attempting to establish an SSL connection with the APPX Login Manager. If the specified amount of time passes without establishing an SSL connection, then the connect request will fail. This option is not relevant when the value of SSLMode is "Pre43". | |||||||
APPX Connection Manager SSL parameters. | ||||||||
Changed: | ||||||||
< < | RequireSSL - Not Implemented. Do not Use.
RequireSSLClientCertificates
ServerCertificateFile - This is the server's SSL public certificate
ServerPrivateKeyFile - This is the server's SSL private server key
ServerPrivateKeyPassphrase
SSLMode
TrustedCAFile = #determines which client certificates to trustHow to create a server's SSL private server key and server's SSL public certificate from the Unix/Linux command line with the openssl tool.Create new private/public-keys without passphrase for server*openssl genrsa -out tubes.internal.appx.com.private.key 1024* Create server's SSL public certificate*openssl req -new -days 365 -key tubes.internal.appx.com.private.key -x509 -out tubes.internal.appx.com.crt* | |||||||
> > | Please refer to the APPX Login Manager for server configuration options relating to SSL. | |||||||
Suggested Behavior:
|