Connecting to a Host Computer Using TLS

Return to Introduction  Previous page  Next page

TLS (Transport Layer Security) and  SSL (Secure Socket Layer) support allow you to make a secure connection to a host computer. The host computer must be configured to support secure connections.

1.Open the Host menu and select the Connect command or use the blue up arrow on the toolbar.
2.Fill in the Connect to Host dialog box. Make sure you specify the TLSv1 radio button. The TLSv1 radio button selection defaults to the TLS version 1.0 protocol with no server certificate options. If you need to modify the default configuration go to step 3 otherwise skip to step 8.
3.Click the Advancedů button and select Security under Setup Items to display the Security pane of Session Setup dialog box.
4.Select the desired TLS or SSL encryption protocol.
5.Specify the Server Certificate options. In most cases, the "Use Windows certificate store" is the only option you will need. This option imports the "Trusted Root Certification Authorities" certificates from the Internet Explorer certificate store into the TN3270 Plus certificate store (tn3270.pem). If the server certificate is not signed by a Trusted Root Certification Authority (not common), place a copy of the entire server certificate chain on your PC. Enter the the full path and name of the server certificate chain file in the Server Certificate File (.pem) edit box.  The server certificate chain must be in the proper order starting with the server certificate and ending with the root Certificate Authority certificate. The certificate(s) must be in ".pem" format. You can use notepad merge multiple certificates into a single file. See the Session Setup (Secuirty Pane) dialog for a complete description of each of the Server certificate options.
6.Specify the Client Certificate options. If the host computer does TLS client validation (not common), enter the full path and name of the client certificate file in the Client Certificate File (.pem) edit box. The certificate must be in ".pem" format. Specify the client certificate encryption password in the Password edit box.
7.Click the OK button to save your configuration options and close the dialog box.
8.Click the Connect button in the Connect to Host dialog box and TN3270 Plus creates a secure connection to the specified host.


SSL support is an optional additional cost feature. If your copy of TN3270 Plus does not have the SSL feature, please contact
If you are making a secure connection to a host computer that is behind a proxy server, you may need to set up your session for "no SSL" to get connected to the proxy server. Then use the SSLConnect script command to create the secure connection to the host computer.
You may connect up to 99 sessions of any type in any combination in a single window. You may also start sessions in multiple windows. See Working with Multiple Sessions for more information.
TN3270 Plus SSL support includes software developed by the OpenSSL project for the OpenSSL toolkit. This feature includes cryptographic software written by Eric Young. This feature includes software written by Tim Hudson. (See the OpenSSL license agreement.)

TN3270 Plus is continually being improved. To learn more about the latest enhancements, please review our Version History web page.