Browser security
About TLS
The BlackBerry® Browser configuration is designed to use TLS or SSL to encrypt data that your device sends or receives over the Internet
through the BlackBerry® Enterprise Server. Communication between your device and the BlackBerry Enterprise Server is encrypted using Triple
DES. Communication between the BlackBerry Enterprise Server and content servers is encrypted using SSL or TLS. To increase security, you
can set up TLS for HTTP connections between your device and the BlackBerry Enterprise Server and use Triple DES encryption for all other
communication between your device and the BlackBerry Enterprise Server.
User Guide
Browser
140
About WTLS
The WAP Browser configuration is designed to use WTLS to encrypt data that your BlackBerry® device sends and receives over the Internet
through a WAP gateway. Communication between your device and the WAP gateway is encrypted using WTLS. Communication between the
WAP gateway and content servers is encrypted using TLS or SSL.
Manage browser security
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click TLS or WTLS.
5. Set the security options.
6. Press the Menu key.
7. Click Save.
TLS options
TLS Default:
Specify the type of TLS or SSL connection that your browser uses for HTTP connections. To use a direct TLS or SSL connection, change this
field to Handheld. To use Triple DES and TLS or SSL, change this field to Proxy.
Allow HTTPS Redirections:
Specify whether a prompt appears before a secure web page redirects your browser to another web page.
Protocol:
Specify the protocol that your BlackBerry® device uses for TLS connections between the browser and content servers.
Encryption Strength:
Specify whether your browser only accepts and sends data that is encrypted using 128-bit encryption. To accept and send only data that
is encrypted using 128-bit encryption, change this field to Strong Only. To accept and send data that is encrypted using 128-bit encryption
or 56-bit encryption, change this field to Allow Weak.
Allow FIPS Algorithms Only:
Specify whether your browser accepts and sends data that is encrypted using only FIPS-approved algorithms.
Prompt for Server Trust:
Specify whether a prompt appears when your browser tries to connect to an untrusted content server that your device does not have an
authentication certificate for.
Prompt for Domain Name:
Specify whether a prompt appears when your browser tries to connect to a content server and the domain name on the authentication
certificate for the content server does not match the web address that the browser is trying to connect to.
Prompt for Certificate:
Specify whether a prompt appears when your browser tries to connect to a content server. You might want a prompt to appear if your
device has more than one certificate that you use to authenticate with content servers.
Prompt if Client Cert Not Found:
Specify whether a prompt appears when your browser tries to connect to a content server, but your device does not have a certificate that
can be used to authenticate with the content server.
Default Client Cert:
Specify the certificate that your browser uses to authenticate with content servers.
WTLS options
Encryption Strength:
Specify whether your browser only accepts and sends data that is encrypted using 128-bit encryption. To accept and send only data that
is encrypted using 128-bit encryption, change this field to Strong Only. To accept and send data that is encrypted using 128-bit encryption
or 56-bit encryption, change this field to Allow Weak.
Prompt for Server Trust:
Specify whether a prompt appears when your browser tries to connect to an untrusted content server that your device does not have an
authentication certificate for.
Add a trusted content server
You can add content servers to your list of trusted content servers to accelerate the authentication process when you are authenticating with
a content server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click TLS.
5. Press the Menu key.
6. Click Add Host.
7. Perform one of the following actions:
• If the TLS Default field is set to Proxy, in the Host Name field, type the web address for the content server.
• If the TLS Default field is set to Handheld, in the Host Name field, type the web address for the content server. Set the Certificate
field to the client certificate that you want to use to authenticate with the content server.
8. Click OK.
9. Press the Menu key.
10. Click Save.