Browser security
About TLS
The BlackBerry® Browser configuration is designed to use TLS or SSL to encrypt data that your device sends or receives over the
Internet through the BlackBerry® Enterprise Server. Communication between your device and the BlackBerry Enterprise Server
is encrypted using Triple DES. Communication between the BlackBerry Enterprise Server and content servers is encrypted using
SSL or TLS. To increase security, you can set up TLS for HTTP connections between your device and the BlackBerry Enterprise
Server and use Triple DES encryption for all other communication between your device and the BlackBerry Enterprise Server.
User Guide
Browser
157
TLS options
Option
Description
Permit SSL 3.0
Specify whether your browser accepts SSL connections. If you do not select this
option, your browser allows only TLS connections.
Encryption Strength
Specify whether your browser only accepts and sends data that is encrypted using
128-bit encryption. To accept and send only data that is encrypted using 128-bit
encryption, change this field to Strong Only. To accept and send data that is
encrypted using 128-bit encryption or 56-bit encryption, change this field to Allow
Weak.
Digest Strength
Specify whether your browser accepts data with weak digest algorithms or accepts
only data with strong digest algorithms. The stronger the digest algorithm is, the
more secure your browsing experience is. To accept data with weak digest
algorithms, change this field to Allow Weak. To accept only data with strong digest
algorithms, change this field to Strong Only. To be prompted to accept data with
weak digest algorithms, change this field to Prompt. Depending on the options that
your administrator sets, you might not be able to change this option.
Manage browser security
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > TLS.
3. Set the security options.
4. Press the
key > Save.
Add a trusted content server
If your email account uses a BlackBerry® Enterprise Server, you can add content servers to your list of trusted content servers
to accelerate the authentication process when you are authenticating with a content server.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > TLS.
3. Highlight the Trust Hosts field.
4. Press the
key > Add Host.
5. Type the web address for the content server.
6. Click OK.
7. Press the
key > Save.
User Guide
Browser
158
Add or change a web site that is associated with a certificate
To access some web sites, you might need to provide an authentication certificate. After you provide a certificate to a web site,
the web site and the associated certificate are automatically added to the Host/Certificate Mappings list in your TLS options.
You can manually add or change a web site that is associated with a certificate.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Advanced Security Settings > TLS.
• To manually associate a web site with a certificate, highlight the Host/Certificate Mappings field. Press the
key >
Add Host. In the Host Name field, type the web site name. In the Certificate field, select the certificate that is
associated with the web site. Click OK.
• To change a web site that is associated with a certificate, in the Host/Certificate Mappings list, highlight an item. Press
the
key > Edit. Change the certificate. Click OK.
3. Press the
key > Save.