Using Transport Layer Security

Z and I Emulator for Windows allows you to negotiate the Transport Layer Security 1.0 protocol. The TLS protocol is based on the SSL protocol. TLS differs from SSL mainly in the initial handshake protocol for establishing client/server authentication and encryption. TLS also allows you to use FIPS (Federal Information Processing Standard) mode. Although TLS and SSL do not interoperate directly, TLS provides a mechanism by which a TLS 1.0 implementation can fall back to SSLv3.

The TLS protocol uses public-key and symmetric-key cryptographic technology. Public-key cryptography uses a pair of keys, one public and one private. Information encrypted with one key can only be decrypted with the other key. For example, information encrypted with the public key can be decrypted only with the private key. Each server's public key is published, while the private key is confidential. To send a secure message to the server, the client encrypts the message by using the server's public key. When the server receives the message, it decrypts the message with its private key.

Symmetric-key cryptography uses the same key to encrypt and decrypt messages. The client randomly generates a symmetric key to be used for encrypting all session data. The key is then encrypted with the server's public key and sent to the server.

TLS provides three basic security services:
Message privacy
Achieved through a combination of public-key and symmetric-key encryption. All traffic between a client and a server is encrypted using a key and an encryption algorithm negotiated during session setup.
Message integrity
Ensures that session traffic is not changed en route to its final destination. TLS and SSL use a combination of public/private keys and hash functions to ensure message integrity.
Mutual authentication
Exchange of identification through public-key certificates. The client and server identities are encoded in public-key certificates, which contain the following components:
  • Subject's distinguished name
  • Issuer's distinguished name
  • Subject's public key
  • Issuer's signature
  • Validity period
  • Serial number
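As an added example, not part of this documentation and not the emulator's code, the following Go program (standard library only) exercises the three services above in one mutually authenticated handshake: it constructs two self-signed certificates, configures each side to trust only the other's, runs the handshake over an in-memory pipe, and reports the negotiated version and cipher suite together with the certificate each peer verified, from which the six components listed above can be read (Subject, Issuer, PublicKey, Signature, NotBefore/NotAfter, SerialNumber). The names MutualHandshake, HandshakeResult, selfSigned and must, and the server.example and client.example identities, are assumptions of the example. One caveat when reconciling this with the text: TLS 1.0 and SSLv3 are deprecated (RFC 8996 and RFC 7568); Go dropped SSLv3 entirely and disables TLS 1.0 and 1.1 by default, so the example pins a floor of TLS 1.2 explicitly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// HandshakeResult reports what was negotiated and which certificate each side verified.
type HandshakeResult struct {
	Version     uint16            // 0x0303 = TLS 1.2, 0x0304 = TLS 1.3
	CipherSuite uint16            // negotiated cipher suite identifier
	ServerCert  *x509.Certificate // server certificate as verified by the client
	ClientCert  *x509.Certificate // client certificate as verified by the server
}

// must panics on error; creating constructed test keys and certificates is not expected to fail.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned issues a self-signed certificate for cn (constructed test material,
// not a real CA); IsCA lets the same certificate serve as its own trust anchor.
func selfSigned(cn string, serial int64) (tls.Certificate, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		DNSNames:              []string{cn},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, must(x509.ParseCertificate(der))
}

// MutualHandshake runs a mutually authenticated handshake over an in-memory
// pipe: each side trusts only the other's self-signed certificate.
func MutualHandshake() (HandshakeResult, error) {
	srvCert, srvX509 := selfSigned("server.example", 1001)
	cliCert, cliX509 := selfSigned("client.example", 2002)
	srvPool, cliPool := x509.NewCertPool(), x509.NewCertPool()
	srvPool.AddCert(srvX509)
	cliPool.AddCert(cliX509)
	serverCfg := &tls.Config{
		Certificates:           []tls.Certificate{srvCert},
		ClientAuth:             tls.RequireAndVerifyClientCert, // demand and verify the client cert
		ClientCAs:              cliPool,
		MinVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true, // no post-handshake writes to block the unbuffered pipe
	}
	clientCfg := &tls.Config{
		Certificates: []tls.Certificate{cliCert},
		RootCAs:      srvPool,
		ServerName:   "server.example", // matched against the server cert's DNS names
		MinVersion:   tls.VersionTLS12,
	}
	cRaw, sRaw := net.Pipe()
	defer func() { cRaw.Close(); sRaw.Close() }()
	server, client := tls.Server(sRaw, serverCfg), tls.Client(cRaw, clientCfg)
	errc := make(chan error, 1)
	go func() { errc <- server.Handshake() }()
	if err := client.Handshake(); err != nil {
		return HandshakeResult{}, fmt.Errorf("client side: %w", err)
	}
	if err := <-errc; err != nil {
		return HandshakeResult{}, fmt.Errorf("server side: %w", err)
	}
	cs, ss := client.ConnectionState(), server.ConnectionState()
	return HandshakeResult{Version: cs.Version, CipherSuite: cs.CipherSuite,
		ServerCert: cs.PeerCertificates[0], ClientCert: ss.PeerCertificates[0]}, nil
}

func main() {
	r, err := MutualHandshake()
	if err != nil {
		panic(err)
	}
	fmt.Printf("negotiated version 0x%04x, suite %s\n", r.Version, tls.CipherSuiteName(r.CipherSuite))
	// The six certificate components named in the text, for each peer's certificate.
	for _, c := range []*x509.Certificate{r.ServerCert, r.ClientCert} {
		fmt.Printf("subject=%s issuer=%s key=%T sig=%d bytes valid=%s..%s serial=%s\n",
			c.Subject, c.Issuer, c.PublicKey, len(c.Signature),
			c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339), c.SerialNumber)
	}
}
```

The two settings that make the authentication mutual are ClientAuth with ClientCAs on the server and RootCAs with ServerName on the client; without ClientAuth the server would accept any client, and without a matching ServerName the client would reject the server even though its certificate chains to a trusted root. Because both certificates are self-signed, each one's subject and issuer names are identical, which is also how a self-signed certificate is recognised in a trust store.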