Enabling SSL encryption security for Hummingbird

From The University of Akron Support Center Wiki

Background / Install

Hummingbird is a software product that supports telnet, ftp and remote job entry capabilities. Hummingbird can be installed on your work computer by following the following instructions:

1. Click start in the bottom left hand side of your screen
2. Open up the control panel
3. Run Advertised programs and select Hummingbird

IF AT ANY TIME YOU ARE HAVING ANY TROUBLES RUNNING / INSTALLING HUMMINGBIRD PLEASE CONTACT x6888

SSL Connection

As part of the continuing effort to provide a secure computing environment at The University of Akron, the Enterprise Server (also known as the mainframe or legacy application server) will now offer an encrypted SSL session whenever it is accessed via telnet TN3270. This includes all TSO, CICS, and Phoenix users, who will now briefly see a new Hummingbird Hostexplorer "splash screen" (showing the connection negotiation status) when they connect to an application running on the Enterprise Server.

To achieve a secure TN3270 connection, the server must be configured to offer it (as denoted by the new "splash screen" seen when connecting) and the client (Hummingbird Hostexplorer) must be configured to accept an SSL connection. Initially, the use of a secure TN3270 connection will be optional, but eventually its use will become mandatory. The following steps will enable Hummingbird Hostexplorer to accept a secure TN3270 connection. We recommend you configure your Hummingbird emulator to accept a secure SSL session as soon as it is convenient. If you connect from home, you will also have to do this on your home machine.

1) Verify that you are running version 12 of HostExplorer. The version you are running can be determined by going to any open Hostexplorer session and clicking on "Help" and then "About". You should see a screen similar to this:

In the example above, the cursor is pointing to the version number. In this case, Hummingbird HostExplorer is Version 11.0.1.0. Yours should be a version 12.x.x.x.

2) Configure your MVS1 Hummingbird Hostexplorer profile to negotiate a secure SSL session. This example used version 11 menus, so things may appear slightly different for version 12 users, but the steps are essentially the same.

3a) Open a HostEexplorer session, and type "exit" to terminate the "Flying A" screen.

3b) If the Hostxplorer window disappears, re-open the session, click on "Options", then "Session Properties", then the + sign next to "Connection" then "Other". Go to the option box titled "Upon disconnect from host:" and select the drop down option titled "Keep Session Window Open".

In the above screen shot, the cursor is pointing to the option box to change. Click "Ok" (the "Options" window will go away) and again type "Exit" to terminate the "Flying A" logon screen. Now the session window will stay open. You can undo this change if you want when you=re done configuring Hummingbird.

Once you have an open Hostexplorer session window without the "Flying A" screen, click on "Options", then "Session Properties", then the + sign next to "Security" (if needed), then "SSL/TLS".

Under "SSL/TLS Options" select the drop down box titled "Version" and select "Version 3", then click the boxes labeled: "Negotiate via Telnet", "Verify Server Certificate", and "Accept Self-Signed Certificate".

The option box should look like:

Lastly, click on the "General" option (under "Security"), and click on the Security Option "SSL / TLS" as shown in the following screen shot:

Click "ok" (the "Options" window will disappear).

Click on "File", then "Connect", and you should see a white "splash screen" showing the progress of the connection setup, and (after a few seconds) the "Flying A" logo screen.

You can confirm a secure session by looking at the "padlock" icon at the bottom of the session window, it should now be in the "locked" position.