
Remote configuration of internet settings, Secure internet connections, Secure sockets layer and transport layer security – Nokia 9290 User Manual


Nokia 9290 Communicator

Nokia Mobile Phones

Setting Up Dial-In Service


Copyright © Nokia Corporation 2001-2002. All rights reserved.

IP address field contains a fixed IP address for the communicator and it stays the same for every connection using this
IAP. This field cannot be edited if automatic IP address configuration is used.

Get DNS address automatically enables automatic Domain Name Server IP address configuration from the access
server. If this is switched off, DNS addresses must be defined manually. Not configuring the DNS IP addresses will
cause the communicator to be unable to connect to servers by using their domain names.

Primary DNS address and Secondary DNS address fields are for manually defined Domain Name Server IP addresses.

2.4 Remote Configuration of Internet Settings

The most important Internet access settings can be configured by sending a short message (SMS) to the device. This
enables the Internet access provider to configure the customer’s communicator without manually entering all
settings.

For a description of remote configuration messages, please see the Nokia 9290 Communicator Remote Configuration
Guide.

2.5 Secure Internet Connections

2.5.1 Secure Sockets Layer and Transport Layer Security

The Nokia 9290 Communicator supports the Secure Sockets Layer (SSL) version 3 and Transport Layer Security (TLS)
version 1 protocols. These protocols can be used to secure connections to remote mailboxes, connections to the mail
server while sending mail, and connections to Web servers. Software developers can use the SSL/TLS capabilities
through the EPOC socket interface for their own purposes. Note that TLS is not available in the Web browser due to
bugs in certain Web server implementations. The Web browser only uses SSLv3. There are no security implications.

When using SSL or TLS to secure mailbox access or mail sending, the mail server must support TLS negotiation during
the IMAP or SMTP connection (the STARTTLS directive). Please refer to the Setting Up E-Mail Service document for
details on how to use this feature.

Connections always default to TLSv1, and if the server does not support TLSv1, the connection is downgraded to
SSLv3. In some rare cases, the SSL server will fail during the SSL handshake when TLS is negotiated. This is a problem
with some SSL servers. If this is the case, please contact your SSL server vendor for a fix.

2.5.1.1 Supported Algorithms

The selection of algorithms depends on the protocol used. It is advisable to avoid the use of “export-grade” algorithms
(RC4 with 40 secret bits and DES) for security reasons. The Nokia 9290 Communicator supports the following
cryptographic algorithms in SSL/TLS:

For server authentication and/or key exchange: RSA, DSA, and Diffie-Hellman. For data encryption: RC4 (plus the
“export” version with 40 secret bits), DES, and Triple-DES. (For WTLS in the WAP browser, RSA and RC5 are
supported.)
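
A server operator can see which of these suites a client offers, and whether it opens with TLSv1 or SSLv3, by reading its ClientHello. The following is an added example, not part of the Nokia manual: the suite IDs and names are from RFC 2246, the sample ClientHello is constructed rather than captured from a device, the function names are illustrative, and the flag reflects only the manual's advice on export-grade algorithms and DES.

```python
import struct

# Cipher suite IDs and names from RFC 2246, limited to suites built on the
# algorithms the manual lists. True marks what the manual advises avoiding:
# 40-bit "export" suites and single DES.
SUITES = {
    0x0003: ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", True),
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", False),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", False),
    0x0008: ("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", True),
    0x0009: ("TLS_RSA_WITH_DES_CBC_SHA", True),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", False),
    0x0011: ("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", True),
    0x0012: ("TLS_DHE_DSS_WITH_DES_CBC_SHA", True),
    0x0013: ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", False),
}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1"}

def audit_client_hello(record):
    """Return (offered version, [(suite name, advised against?)]) for one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    version = VERSIONS.get((hello[0], hello[1]), "unknown")
    pos = 35 + hello[34]          # skip client_version, random and session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated ClientHello")
    (slen,) = struct.unpack_from("!H", hello, pos)
    suites = hello[pos + 2:pos + 2 + slen]
    if slen % 2 or len(suites) != slen:
        raise ValueError("malformed cipher_suites vector")
    ids = struct.unpack("!%dH" % (slen // 2), suites)
    return version, [SUITES.get(i, ("unknown_0x%04X" % i, None)) for i in ids]

def sample_client_hello():
    """Constructed sample (not captured from a device): a TLSv1 hello offering five suites."""
    suites = struct.pack("!5H", 0x000A, 0x0005, 0x0009, 0x0003, 0x0013)
    hello = (b"\x03\x01" + bytes(32) + b"\x00"
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    version, offered = audit_client_hello(sample_client_hello())
    print("client offers", version)
    for name, avoid in offered:
        print("  %-40s %s" % (name, "AVOID" if avoid else "-"))
```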

2.5.2 Certificate Management

SSL, TLS and software installation use certificates to authenticate remote peers. The Nokia 9290 Communicator
supports X.509 certificates, both RSA and DSA keys. The user can specify whether the certificate is trusted and for
what purposes the certificate is trusted. Certificates can be imported to the device by downloading them from the
Web, in mail attachments, etc. New 3rd party applications can register themselves for the certificate management and
can use the services provided by the certificate management, such as certificate chain validation and storage.