Host name syntax

From The x3270 Wiki
(Redirected from Category:TLS prefixes)

Note: This special syntax is generally not used from the user interfaces of wc3270 or wx3270, except in scripts or at the x3270> prompt. Those user interfaces allow these options to be specified separately, and construct a properly-formatted host name from them.

Basic syntax

The basic syntax is:

[prefix:...] host [:port] [=accept-name]


A prefix sets an option for a single host session, rather than for all sessions created by the emulator. A prefix is a single letter, separated from the host name by a colon (:), e.g.:

To specify multiple prefixes, separate each of them with a colon, e.g.:
A - NVT-only session
Marks the host as supporting NVT mode only. The emulator does not attempt to negotiate 3270 mode, and defaults the terminal name to xterm (if a monochrome display) or xterm-color (if a color display, New in 4.2).
B - No-op
Formerly caused a change in bind-unlock behavior, but this has now been subsumed by the default value of the bindUnlock resource.
C - CICS host
Disables the automatic keyboard lock after connecting to a host, waiting for the host to format the screen. This is needed for CICS hosts, for example, which do not initially format the screen.
L - Use a TLS tunnel
Causes the emulator to set up a TLS tunnel for the host connection. TLS negotiation happens before TELNET negotiation, so the entire session is encrypted.
N - Disable TN3270E
Disables TN3270E mode. If the host attempts to negotiate TN3270E when this prefix is in use, the emulator will reject it.
T - No-TELNET host
Disables the TELNET protocol for the session. The emulator will no longer treat the TELNET IAC character (0xff) specially.
Y - Disable TLS host certificate checking
Disables TLS host certificate checking. It overrides the value of the verifyHostCert resource.


The host is either a fully-qualified domain name (e.g., or a numeric address in either IPv4 dotted-decimal or IPv6 hexadecimal format. A numeric IPv6 addres must be surrounded by square-bracket characters, e.g., [100:200::1], to keep the colon characters from being misinterpreted.


The optional port is a number separated from the host name by a colon. It overrides the default value of 23 (the TELNET port).


The optional accept-name is separated from the host and optional port by an equals sign (=). It overrides the value of the acceptHostname resource, specifying a name to match against the host's TLS certificate.

URI syntax

New in 4.4

A host can also be specified using a Uniform Resource Identifier (URI), e.g., tn3270://

URIs use the following standard syntax:

scheme :// [username[:password]@] host [:port] [?query]

x3270 supports the following URI schemes:

Query Options
Scheme Meaning Default
Terminal Name
?accepthostname ?lu ?verifyhostcert ?waitoutput
telnet TELNET protocol xterm 23
telnets Secure TELNET protocol
TLS tunnel created
xterm 992
tn3270 TN3720 or TN3270E protocol IBM-3279-2-E 23
tn3270s Secure TN3720/TN3270E protocol
TLS tunnel created
IBM-3279-2-E 992

Query Options

Specifies the subject name to compare against the host TLS certificate.
Specifies a Logical Unit (LU) name or a comma-separated list of Logical Unit names to connect to.
If set to false, do not verify the host TLS certificate. Equivalent to the Y: prefix.
If set to false, do not wait for the host to produce output before unlocking the keyboard the first time. Equivalent to the C: prefix.


The telnet and telnets schemes are equivalent to using the A: prefix.

Passwords are always ignored. Fragments are not allowed.

The default port associated with a URI overrides the port resource.


Connect to in 3270 mode, without a TLS tunnel, on port 23.

Connect to in 3270 mode, with a TLS tunnel but not verifying the host certificate, on port 9100.

Connect to IPv4 address in 3270 mode on port 23.

Connect to IPv6 address 100:200::1 in 3270 mode on port 23.


Connect to IPv6 address 100:200::1, in 3270 mode, on port 9100 with a TLS tunnel, using myhost to match the name from the host's TLS certificate.


Connect to host in 3270 mode, in port 23, specifying Logical units ABC123 and FOO999.

ABC123,[email protected]

Connect to host in NVT mode

Connect to in NVT mode, with a TLS tunnel on port 992.

Connect to in NVT mode, specifying username bob.

telnet://[email protected]