TLS with Telnet
Configure the InterSystems IRIS Telnet Server to use TLS
You can configure InterSystems IRIS® to accept TLS-protected connections from Telnet clients. To do this, configure the InterSystems IRIS Telnet server to use TLS:
- From the Management Portal home page, go to the SSL/TLS Configurations page (System Administration > Security > SSL/TLS Configurations).
- On the SSL/TLS Configurations page, select Create New Configuration, which displays the New SSL/TLS Configuration page. On this page, create a TLS configuration with a configuration name of %TELNET/SSL.
- Enable the Telnet service, %Service_Telnet:
  - On the Services page (System Administration > Security > Services), click %Service_Telnet to display the Edit Service page for the Telnet service.
  - On the Edit Service page, check Service Enabled if it is not already checked.
  - Click Save.
- Enable TLS for the relevant superserver. See TLS with the Superserver for more details.
- On the System-wide Security Parameters page (System Administration > Security > System Security), select Enabled for the Telnet server SSL/TLS support setting.
Configuring Telnet Clients to Use TLS
InterSystems IRIS accepts TLS connections from both the InterSystems Telnet client and third-party Telnet clients.
Configure the InterSystems Telnet Client to Use TLS
You can configure the InterSystems Telnet client to use a TLS connection. The process involves several steps:
- On the instance that is the Telnet server, configure it according to the instructions in the previous section, which includes the option of requiring TLS.
- On the instance that is the Telnet client, configure the settings file according to the instructions in “Connecting from a Windows Client Using a Settings File.”
Configure Third-Party Telnet Clients to Use TLS
You can configure third-party Telnet clients to connect to an InterSystems Telnet server. The required or recommended configuration actions depend on the software in use and the selected cipher suites. The following guidelines apply:
- If the Telnet client requires server authentication, then the server must provide a certificate and the client must have access to the server’s certificate chain.
- If the InterSystems IRIS Telnet server requires client authentication, then the client must provide a certificate and the server must have access to the client’s certificate chain.
- If the InterSystems IRIS Telnet server requests client authentication, then the client has the option of providing a certificate and a certificate chain to its certificate authority (CA). If the client does not provide a certificate, then authentication succeeds; if it provides a non-valid certificate or certificate chain, then authentication fails.
For information on how certificates and certificate chains are used for authentication, see Establishing the Required Certificate Chain.
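The guidelines above, seen from a third-party client written in Python. This is an added example, not InterSystems code: the function names, file paths, host and port are assumptions. The client always verifies the server's chain and presents its own certificate only when one is configured, which covers both a server that requires client authentication and one that only requests it.

```python
import socket
import ssl


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """TLS context for a third-party Telnet client (hypothetical helper).

    ca_file     -- PEM file with the CA chain that signed the server certificate;
                   None falls back to the system trust store.
    client_cert -- PEM file with the client certificate and its chain; supply it
                   when the server requires (or requests) client authentication.
    client_key  -- PEM file with the client's private key.
    """
    # Server authentication: create_default_context() enables chain
    # verification (CERT_REQUIRED) and host name checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Client authentication: without a certificate the handshake succeeds only
    # against a server that merely requests one.
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def open_tls_telnet(host, port, ctx, timeout=10.0):
    """Connect and complete the TLS handshake before any Telnet data is sent.

    Raises ssl.SSLCertVerificationError if the server's chain does not validate.
    """
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


def describe_session(tls_sock):
    """Summarize what was negotiated, for logging or a connection check."""
    cert = tls_sock.getpeercert()
    return {
        "protocol": tls_sock.version(),
        "cipher": tls_sock.cipher()[0],
        "server_subject": cert.get("subject"),
    }
```

A typical call is `open_tls_telnet(host, port, build_client_context("ca-chain.pem", "client.pem", "client.key"))`, with the host, port and file names replaced by the values for your instance.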