Policy Reference Guide

Local Navigation

WTLS Application policy group

WTLS Disable Invalid Connection IT policy rule

Description

This rule specifies whether to prevent a BlackBerry® device from permitting WTLS connections to servers that have invalid certificates.

Possible values

  • Allow invalid connections
  • Disable invalid connections
  • Prompt user on BlackBerry device

Default value

  • Prompt user on BlackBerry device

Minimum requirements

  • BlackBerry® Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.6

WTLS Disable Untrusted Connection IT policy rule

Description

This rule specifies whether to prevent a BlackBerry® device from permitting WTLS connections to untrusted servers.

Possible values

  • Allow untrusted connections
  • Disable untrusted connections
  • Prompt user on BlackBerry device

Default value

  • Prompt user on BlackBerry device

Minimum requirements

  • BlackBerry® Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.6

WTLS Disable Weak Ciphers IT policy rule

Description

This rule specifies whether to prevent a BlackBerry® device from using weak algorithms over WTLS connections.

Possible values

  • Allow weak ciphers
  • Disable weak ciphers
  • Prompt user on BlackBerry device

Default value

  • Prompt user on BlackBerry device

Minimum requirements

  • BlackBerry® Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.6

WTLS Minimum Strong DH Key Length IT policy rule

Description

This rule specifies the minimum DH key size that a BlackBerry® device uses over WTLS connections. If you configure the minimum key size on the BlackBerry® Enterprise Server to be greater than the minimum key size on the device, the device prompts a BlackBerry device user to trust every highly secure website that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when the user browses to a highly secure website that uses a 512-bit DH key in its certificate, the device prompts the user to trust the website. If the user trusts the website and selects the Don't Ask Again option, the minimum key size on the device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the device prompts the user to trust every highly secure website that uses a key size in its certificate that is less than 2048 bits.

This rule is obsolete in BlackBerry Enterprise Server 5.0 SP2.

Possible values

  • 512 to 4096 bits

Default value

  • 1024 bits on the device
  • 512 bits on the BlackBerry Enterprise Server

Minimum requirements

  • BlackBerry® Device Software 3.6
  • BlackBerry Enterprise Server 3.6

Rule introduction

  • BlackBerry Enterprise Server 3.6

WTLS Minimum Strong ECC Key Length IT policy rule

Description

This rule specifies the minimum ECC key size that a BlackBerry® device uses over WTLS connections. If you configure the minimum key size on the BlackBerry® Enterprise Server to be greater than the minimum key size on the device, the device prompts a BlackBerry device user to trust every highly secure website that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when a user browses to a highly secure website that uses a 160-bit ECC key in its certificate, the device prompts the user to trust the website. If the user trusts the website and selects the Don't Ask Again option, the minimum key size on the device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the device continues to prompt the user to trust every highly secure website that uses a key size in its certificate that is less than 233 bits.

This rule is obsolete in BlackBerry Enterprise Server 5.0 SP2.

Possible values

  • 160 to 571 bits

Default value

  • 163 bits on the device
  • 160 bits on the BlackBerry Enterprise Server

Minimum requirements

  • BlackBerry® Device Software 3.6

Rule introduction

  • BlackBerry Enterprise Server 3.6

WTLS Minimum Strong RSA Key Length IT policy rule

Description

This rule specifies the minimum RSA® key size that a BlackBerry® device uses over WTLS connections. If you configure the minimum key size on the BlackBerry® Enterprise Server to be greater than the minimum key size on the device, the device prompts a BlackBerry device user to trust every highly secure website that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.

For example, when the user browses to a highly secure website that uses a 512-bit RSA key in its certificate, the device prompts the user to trust the website. If the user trusts the website and selects the Don't Ask Again option, the minimum key size on the device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the device prompts the user to trust every highly secure website that uses a key size in its certificate that is less than 2048 bits.

This rule is obsolete in BlackBerry Enterprise Server 5.0 SP2.

Possible values

  • 512 to 4096 bits

Default value

  • 1000 bits on the device
  • 512 bits on the BlackBerry Enterprise Server

Minimum requirements

  • BlackBerry® Device Software 3.6

Rule introduction

  • BlackBerry Enterprise Server 3.6

WTLS Restrict FIPS Ciphers IT policy rule

Description

This rule specifies whether the BlackBerry® device can use an algorithm with WTLS that is not FIPS-compliant.

Possible values

  • False
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0

Was this information helpful? Send us your comments.