H3270 SSL Connection Configuration
This Guide provides instructions and example commands for configuring SSL connections with the H3270 protocol. It covers server authentication, mutual authentication, and important SSL options for enhanced security.
Note that when connecting with SSL you should add
L:prefix for the host address, e.g.
host: L:<IP>
Server Authentication
With Server Certificate Validation To connect and validate the server's certificate, use:
On Windows:
"additionalParams": "-cafile {path to the server CA file} "
Replace {path to the server CA file} with the location of the server's CA certificate (PEM format).Without Certificate Validation (Trusting the Certificate)
To connect without verifying the server's certificate:
"additionalParams": "-noverifycert"Note: Communication is still encrypted, even if certificate verification is skipped.
Server-Client (Mutual) Authentication
For mutual authentication (client and server certificates required):
"additional-params": "-cafile {path to server CA file} -certfile {path to client cert file} -verifycert"
{path to server CA file}: CA certificate file (PEM format)
{path to client cert file}: Client certificate file (PEM format)For more information, please look into:
- https://x3270.miraheze.org/wiki/Transport_Layer_Security
- https://x3270.miraheze.org/wiki/Host_name_syntax#Prefixes
- http://x3270.bgp.nu/Unix/s3270-man.html
Updated about 11 hours ago