BlackBerry Curve 8530 8520 - Browser security

About WTLS

The WAP Browser configuration is designed to use WTLS to encrypt data that your BlackBerry® device sends and receives over the Internet
through a WAP gateway. Communication between your device and the WAP gateway is encrypted using WTLS. Communication between the
WAP gateway and content servers is encrypted using TLS or SSL.

Manage browser security

1.

On the Home screen or in a folder, click the Options icon.

2. Click Security Options.
3. Click Advanced Security Options.
4. Click TLS or WTLS.
5. Set the security options.
6. Press the Menu key.
7. Click Save.

TLS options

TLS Default:

Specify the type of TLS or SSL connection that your browser uses for HTTP connections. To use a direct TLS or SSL connection, change this
field to Handheld. To use Triple DES and TLS or SSL, change this field to Proxy.

Allow HTTPS Redirections:

Specify whether a prompt appears before a secure web page redirects your browser to another web page.

Protocol:

Specify the protocol that your BlackBerry® device uses for TLS connections between the browser and content servers.

Encryption Strength:

Specify whether your browser only accepts and sends data that is encrypted using 128-bit encryption. To accept and send only data that
is encrypted using 128-bit encryption, change this field to Strong Only. To accept and send data that is encrypted using 128-bit encryption
or 56-bit encryption, change this field to Allow Weak.

Allow FIPS Algorithms Only:

Specify whether your browser accepts and sends data that is encrypted using only FIPS-approved algorithms.

Prompt for Server Trust:

Specify whether a prompt appears when your browser tries to connect to an untrusted content server that your device does not have an
authentication certificate for.

Prompt for Domain Name:

Specify whether a prompt appears when your browser tries to connect to a content server and the domain name on the authentication
certificate for the content server does not match the web address that the browser is trying to connect to.

User Guide

Browser

141

Prompt for Certificate:

Specify whether a prompt appears when your browser tries to connect to a content server. You might want a prompt to appear if your
device has more than one certificate that you use to authenticate with content servers.

Prompt if Client Cert Not Found:

Specify whether a prompt appears when your browser tries to connect to a content server, but your device does not have a certificate that
can be used to authenticate with the content server.

Default Client Cert:

Specify the certificate that your browser uses to authenticate with content servers.

WTLS options

Encryption Strength:

Specify whether your browser only accepts and sends data that is encrypted using 128-bit encryption. To accept and send only data that
is encrypted using 128-bit encryption, change this field to Strong Only. To accept and send data that is encrypted using 128-bit encryption
or 56-bit encryption, change this field to Allow Weak.

Prompt for Server Trust:

Specify whether a prompt appears when your browser tries to connect to an untrusted content server that your device does not have an
authentication certificate for.

Add a trusted content server

You can add content servers to your list of trusted content servers to accelerate the authentication process when you are authenticating with
a content server.
1.

On the Home screen or in a folder, click the Options icon.

2. Click Security Options.
3. Click Advanced Security Options.
4. Click TLS.
5. Press the Menu key.
6. Click Add Host.
7. Perform one of the following actions:

• If the TLS Default field is set to Proxy, in the Host Name field, type the web address for the content server.
• If the TLS Default field is set to Handheld, in the Host Name field, type the web address for the content server. Set the Certificate

field to the client certificate that you want to use to authenticate with the content server.

8. Click OK.
9. Press the Menu key.
10. Click Save.

User Guide

Browser

142