• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM Bolsters Security in 5250 Emulators

    March 9, 2016 Alex Woodie

    IBM took steps to improve the security of its widely used terminal emulation software for the IBM i server with the version 12 release of its Host Access Client Package. Among the changes in the product–the first major new release of in seven years–are more widespread use of the Transport Layer Security (TLS) encryption protocol in both the Java-based Host On-Demand (HOD) and Personal Communications for Windows (PCOMM) products.

    On February 26, IBM shipped HACP version 12, which includes HOD version 12 and PCOMM version 12. The bundle is the first full refresh of the HACP package since IBM shipped HACP version 7 way back in 2009. That package included HOD version 11 and PCOMM version 6; PCOMM obviously skipped forward six full releases to version 12, apparently so it has the same release number as HOD and HACP.

    In any event, the enhancements in HOD and PCOMM 12 appear–at first glance, anyway–to be worth the wait. Among the chief enhancements are improved security, and the removal of Secure Sockets Layer (SSL) technology by default (although the 5250 file transfer function still uses SSL). SSL encryption technology is considered obsolete by security experts, owing to a host of security vulnerabilities, including some recent ones that can also impact its follow-on successor, TLS.

    The list of enhancements that IBM brought to HOD and PCOMM 12, as depicted in IBM United States Software Announcement 216-117 (pdf) is extensive. Here are some of the highlights:

    HOD 12

    Host On-Demand is a browser-based terminal emulator that traditionally uses a three-tier architecture to enable you to log on to your IBM i servers, mainframes, or other host by way of a separate HOD server.

    Several security enhancements were made to this release. Among the most important are support for TLS 1.1 and 1.2, and disabling of SSL 3.0 by default (although SSL is still supported for the 5250 file transfer function). IBM is supporting TLS by way of the Java Secure Socket Extension (JSSE) in the HOD Redirector, which serves as a Telnet proxy to provide a barrier between HOD clients and the target Telnet server. The HOD Redirector can now use TLS 1.0, 1.1, or 1.2, which is the most secure version of TLS, until TLS 1.3 ships. IBM has also disabled blank passwords, and improved how encryption keys are managed, including support for “extended key usage.”

    The appearance of HOD on your machine will be different now that IBM has adopted the “Java Nimbus” look and feel. IBM has also made changes to how text can be selected, how sessions can be closed, the capability to copy all or part of the green-screen presentation space, and how graphics are printed.

    IBM is introducing a new “stand-alone” mode for the HOD client that allows users to configure and access sessions without any dependency on the HOD server. The software can also now run on browsers without Java plug-ins; on Windows 10 machines; and on 64-bit operating systems, where it runs as a 64-bit process.

    PCOM 12

    PCOMM is a Windows-based emulation client that allows users to access IBM i servers, mainframes, and other servers via 5250, 3270, and other emulation protocols.

    Among the top security-related enhancements in PCOMM 12 is support for TLS 1.1 and 1.2 encryption protocols. It also removed SSL version 3 to prevent POODLE attacks, which impacted IBM i customers and ISVs in late 2014. It also provides mandatory FIPS mode processing to guard against the Bar Mitzvah security vulnerability, which reared its ugly head almost a year ago.

    IBM also is shipping an extension to TLS to support server name indication. IBM says this feature will enable the PCOMM client to specify the server name during the ‘Client Hello” request. This will enable the server to provide a certificate corresponding to that server name when more than one server is sharing a single IP address. PCOMM can also now detects password changes on IBM i hosts and prompts users to update the new password.

    PCOMM 12 supports the Windows 10 operating system. But IBM removed the “classic private” application data location from the product to align with the Microsoft strategy to keep application data out of program file paths, IBM says.

    IBM made some changes to System Network Architecture (SNA) network support. While IBM removed the SNA networking software stack from PCOMM when running on a 64-bit Windows computer, the company does enable clients to start SNA sessions because it has merged the Remote API Client with PCOMM. In a corresponding move, IBM is now bundling the Remote API Client with PCOMM 12.

    For more information see IBM United States Software Announcement 216-117 (pdf).

    RELATED STORIES

    IBM And ISVs Fight POODLE Vulnerability In SSL 3.0

    Migrate Your 5250 Emulator Settings to ACS 1.1.2

    IBM Delivers Tech Preview of New Java-Based 5250 Emulator

    IBM Updates Host Access Client Emulator Packages

    IBM Updates Host Access Client Package for iSeries

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    VISUAL LANSA 16 WEBINAR

    Trying to balance stability and agility in your IBM i environment?

    Join this webinar and explore Visual LANSA 16 – our enhanced professional low-code platform designed to help organizations running on IBM i evolve seamlessly for what’s next.

    🎙️VISUAL LANSA 16 WEBINAR

    Break Monolithic IBM i Applications and Unlock New Value

    Explore modernization without rewriting. Decouple monolithic applications and extend their value through integration with modern services, web frameworks, and cloud technologies.

    🗓️ July 10, 2025

    ⏰ 9 AM – 10 AM CDT (4 PM to 5 PM CEST)

    See the webinar schedule in your time zone

    Register to join the webinar now

    What to Expect

    • Get to know Visual LANSA 16, its core features, latest enhancements, and use cases
    • Understand how you can transition to a MACH-aligned architecture to enable faster innovation
    • Discover native REST APIs, WebView2 support, cloud-ready Azure licensing, and more to help transform and scale your IBM i applications

    Read more about V16 here.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    COMMON:  2016 Annual Meeting & Expo, May 15 - 18, in New Orleans! Great Power Systems event!
    System i Developer:  RPG & DB2 Summit - March 22-24 in Dallas. Check out the session grid!
    NGS:  Webinar: Getting from ? to ! with NGS-IQ - April 5. RSVP Now!

    IBM Kills Off Flex p260+ Node, Offers PureSystems Trade-In More Thoughts On A Hybrid System Of Systems

    Leave a Reply Cancel reply

Volume 26, Number 11 -- March 9, 2016
THIS ISSUE SPONSORED BY:

New Generation Software
Fresche Legacy
Manta Technologies
Chrono-Logic
Baseline Data Services

Table of Contents

  • No More Java 6 Support in Next Version of IBM i
  • IBM Bolsters Security in 5250 Emulators
  • Five Pitfalls of VTL Data Storage in IBM i Environments
  • PowerTech Goes Multi-Platform with Security Policy Software
  • IBM Shuffles IBM i CDC Function and Data Replication Tool

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • With Power11, Power Systems “Go To Eleven”
  • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
  • Izzi Buys CNX, Eyes Valence Port To System Z
  • IBM i Shops “Attacking” Security Concerns, Study Shows
  • IBM i PTF Guide, Volume 27, Number 26
  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle