Encrypting sessions

For purposes of security, administrators can choose to encrypt all data transmitted between the client and the host. This includes the client’s user name and password, which are supplied during logon, and any application data submitted by the client or returned by the host.

When TCP transport mode is selected, FH Web Edition uses 56-bit DES encryption. The DES key is exchanged using RSA Public-Key Cryptography Standards. The RSA keys are 512-bits. When SSL transport mode is selected, the following encryption algorithms are also available: 128-bit RC4, 168-bit 3DES, and 256-bit AES.

Note: A special license is required to use these algorithms. To obtain this license, contact your FIREHOUSE Software sales representative.

Once encryption is enabled, all succeeding FH Web Edition sessions are encrypted. Sessions that are active when the feature is enabled remain unencrypted. The next time the user signs into the FH Web Edition server, however, his or her session is encrypted. The user must sign off the FH Web Edition server, and sign back in for his or her session to be encrypted.

1. Choose Tools → Host Options.

2. Click the Security tab.

   

3. From Encryption, select an encryption level.
4. Click OK.