Nokia 9290 Setting up Dial-in Service - Page 8

Nokia Mobile Phones Nokia 9290 Communicator Setting Up Dial-In Service 8 (11) IP address field contains a fixed IP address for the communicator and it stays the same for every connection using this IAP. This field can not be edited if automatic IP address configuration is used. Get DNS address automatically enables automatic Domain Name Server IP address configuration from the access server. If this is switched off, DNS addresses must be defined manually. Not configuring the DNS IP addresses will cause the communicator to be unable to connect to servers by using their domain names. Primary DNS address and Secondary DNS address fields are for manually defined Domain Name Server IP addresses. 2.4 Remote Configuration of Internet Settings The most important Internet access settings can be configured by sending a short message (SMS) to the device. This enables the Internet access provider to configure the customer's communicator without manually entering all settings. For a description of remote configuration messages, please see the Nokia 9290 Communicator Remote Configuration Guide. 2.5 Secure Internet Connections 2.5.1 Secure Sockets Layer and Transport Layer Security The Nokia 9290 Communicator supports the Secure Sockets Layer (SSL) version 3 and Transport Layer Security (TLS) version 1 protocols. These protocols can be used to secure the connections to remote mailboxes, connections to mail server while sending mail, and when connecting to Web servers. Software developers can use the SSL/TLS capabilities through the EPOC socket interface for their own purposes. Note that TLS is not available in the Web browser due to bugs in certain Web server implementations. The Web browser only uses SSLv3. There are no security implications. When using SSL or TLS to secure mailbox access or mail sending, the mail server must support TLS negotiation during the IMAP or SMTP connection (the STARTTLS directive). Please refer to the Setting Up E-Mail Service document for details on how to use this feature. Connections always default to TLSv1, and if the server does not support TLSv1, the connection is downgraded to SSLv3. In some rare cases, the SSL server will fail during SSL handshake when TLS is negotiated. This is the problem with some SSL servers. If this is the case, please contact your SSL server vendor for a fix. 2.5.1.1 Supported Algorithms The selection of algorithms depends on the used protocol. It is advisable to avoid the use of "export-grade" algorithms (RC4 with 40 secret bits and DES) for security reasons. The Nokia 9290 Communicator supports the following cryptographic algorithms in SSL/TLS: For server authentication and/or key exchange: RSA, DSA, and Diffie-Hellman. For data encryption: RC4 (plus the "export" version with 40 secret bits), DES, and Triple-DES. (For WTLS in the WAP browser, RSA and RC5 are supported.) 2.5.2 Certificate Management SSL, TLS and software installation use certificates to authenticate remote peers. The Nokia 9290 Communicator supports X.509 certificates, both RSA and DSA keys. The user can specify whether the certificate is trusted and for what purposes the certificate is trusted. Certificates can be imported to the device by downloading them from the Web, in mail attachments, etc. New 3rd party applications can register themselves for the certificate management and can use the services provided by the certificate management, such as certificate chain validation and storage. Copyright  Nokia Corporation 2001-2002. All rights reserved.