Configuring TN3270 for Stunnel

Existing TN3270 clients that do not support SSL can establish secure sessions to UCOP when used in combination with Stunnel (see Installing Stunnel to download and install Stunnel).

UCOP mainframe users are currently using a variety of terminal emulation software, but all configure similarly.

Included below is an example of the steps necessary to configure Vista for use with Stunnel. Other TN3270 clients should have similar configuration options. OASIS users, please see additional notes below.

1. Configuring a Vista session profile for Stunnel

Verify that Stunnel is running. The Stunnel icon should appear in your task tray when running.

Start Vista and pull down the New Session Ask selection under File on the Toolbar.

This will open the new session profile screen:

Add a new Host IP Address of 127.0.0.1 as shown and click Connect:

You should see the following mainframe screen:

TN3270 client is now using the localhost address (127.0.0.1) to connect to Stunnel, which in turn has established a secure connection to UCCMVSB.

2. OASIS Users

If you already have Stunnel in use for the UCLA OASIS system, you'll need to have Technology Service Desk help you configure a separate session for UCCMVSB. You probably already have two TN3270 sessions configured, one (the UCLA session) using Stunnel and the other (UCCMVSB) not using Stunnel. What you will do is configure them both to use the same Stunnel.

Modify the /program files/stunnel 4.0.4/stunnel.conf file, adding the highlighted lines below:

client=yes
debug=5

[TN3270]
accept=localhost:23
connect=zos.ais.ucla.edu:992

[TN3270]
accept=localhost:24
connect=uccmvsb.ucop.edu:992

This tells Stunnel to listen on local port 23 for UCLA traffic and on local port 24 to listen for UCCMVSB traffic.

Now modify your UCCMVSB session as described above, except also change the IP Port from 23 to 24 in step 1c.

Information Technology Services