
ssl - secure sockets layer device

bind '#D' /<n>/ssl

/<n>/ssl/data
/<n>/ssl/ctl
/<n>/ssl/secretin
/<n>/ssl/secretout

Description

The ssl device implements the link layer of the secure sockets layer defined by Netscape. Each binding of #D into the name space creates a new ssl device. Once associated with a network connection, the ssl device can be thought of as a filter for the connection. The ssl device can send data in the clear, digested or encrypted. In all cases, if an ssl device is associated with both ends of a connection, all messages are delimited. As long as reads always specify buffers that are of equal or greater lengths than the writes at the other end of the connection, one write will correspond to one read.

Writing to /<n>/ssl/ctl controls the ssl device. The following control messages are possible:

fd n

Associate the network connection on file descriptor n with the ssl device.

alg clear

Allow data to pass in the clear with only message delimiters added. The device starts in this mode.

alg sha

Append a sha digest to each buffer written to /<n>/ssl/data. The digest covers the outgoing secret (written to /<n>/ssl/secretout), the message, and a message number which starts at 0 and increments by one each message. Messages read have their appended digests compared to a digest computed using the incoming secret (written to /<n>/ssl/secretin). If the comparison fails, so will the read.

alg md5

Like sha but using the md5 message digest algorithm.

alg rc4

RC4 encrypt each message written to /<n>/ssl/data with the key written to /<n>/ssl/secretout. Decrypt incoming messages with the key written to /<n>/ssl/secretin.

alg descbc

Available only by agreement in the US

alg desecb

Available only by agreement in the US

Files /<n>/ssl/secretin and /<n>/ssl/secretout must be written before the digesting or encryption is turned on. If only one is written, they are both assumed to be the same.

The mode may be changed at any time during a connection.
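The following model of the alg sha mode is an added illustration, not code from the Inferno ssl device. It frames each write so that one write corresponds to one read, appends a digest over the outgoing secret, the message and a message number that starts at 0 and increments per message, and makes a read fail when the digest computed with the incoming secret does not match. The 4-byte length delimiter, the concatenation order inside the digest and the encoding of the message number are assumptions; the page does not specify the device's wire format. The constructed exchange at the end shows that both a modified message and a replayed earlier frame are rejected, the latter because the reader's message number has already advanced.

```python
"""Model of the ssl device's 'alg sha' mode (added illustration, not Inferno code)."""
import hashlib
import hmac
import struct

HDR = struct.Struct(">I")                  # assumed 4-byte big-endian length delimiter
DIGEST_LEN = hashlib.sha1().digest_size    # 20 bytes for sha


def message_digest(secret: bytes, msg: bytes, msgno: int) -> bytes:
    """Digest covering the secret, the message and the message number.
    Concatenation order and number encoding are assumptions, not the device's format."""
    return hashlib.sha1(secret + msg + HDR.pack(msgno)).digest()


class SslShaFilter:
    """One end of a connection with 'alg sha' turned on."""

    def __init__(self, secretout: bytes, secretin: bytes = None):
        # Both secrets must be written before the mode is turned on; if only
        # one is written, the device assumes they are the same.
        self.secretout = secretout
        self.secretin = secretout if secretin is None else secretin
        self.out_msgno = 0   # starts at 0, +1 per message written
        self.in_msgno = 0    # number the next message read must carry

    def write(self, msg: bytes) -> bytes:
        """Return the framed bytes that would go out on the associated network fd."""
        digest = message_digest(self.secretout, msg, self.out_msgno)
        self.out_msgno += 1
        body = msg + digest
        return HDR.pack(len(body)) + body

    def read(self, frame: bytes) -> bytes:
        """Verify one frame; a digest mismatch makes the read fail."""
        (n,) = HDR.unpack_from(frame)
        body = frame[HDR.size:HDR.size + n]
        if len(body) != n or n < DIGEST_LEN:
            raise IOError("short or malformed frame")
        msg, digest = body[:-DIGEST_LEN], body[-DIGEST_LEN:]
        expected = message_digest(self.secretin, msg, self.in_msgno)
        # Constant-time comparison so the check itself leaks nothing about the digest.
        if not hmac.compare_digest(digest, expected):
            raise IOError("ssl: digest mismatch on message %d" % self.in_msgno)
        self.in_msgno += 1
        return msg


def split_frames(stream: bytes):
    """Recover message boundaries from a byte stream of back-to-back frames."""
    frames, off = [], 0
    while off < len(stream):
        (n,) = HDR.unpack_from(stream, off)
        end = off + HDR.size + n
        if end > len(stream):
            raise IOError("truncated frame")
        frames.append(stream[off:end])
        off = end
    return frames


def demo():
    """Constructed exchange: two good messages, then a tampered and a replayed one."""
    secret = b"constructed-shared-secret"      # constructed sample secret
    sender = SslShaFilter(secretout=secret)    # only secretout written: secretin assumed equal
    receiver = SslShaFilter(secretout=secret)
    stream = sender.write(b"hello") + sender.write(b"world")
    f1, f2 = split_frames(stream)
    results = {"ok": [receiver.read(f1), receiver.read(f2)]}

    # Flip one payload byte of a third message: the read fails.
    f3 = bytearray(sender.write(b"third"))
    f3[HDR.size] ^= 0x01
    try:
        receiver.read(bytes(f3))
        results["tampered"] = "accepted"
    except IOError:
        results["tampered"] = "rejected"

    # Replaying an earlier good frame also fails: the message number has moved on.
    try:
        receiver.read(f1)
        results["replayed"] = "accepted"
    except IOError:
        results["replayed"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Because the message number is part of the digest, the reader cannot accept a frame out of sequence even with the right secret, which is what gives the digested mode its replay resistance; the same mechanism means a single dropped or rejected frame desynchronises the two ends until the mode is reset.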

See Also

B. Schneier, Applied Cryptography, 1996, J. Wiley & Sons, Inc.

connect, secret - interface to the Secure Sockets Layer device in Chapter 9


infernosupport@lucent.com
Copyright © 1996, Lucent Technologies, Inc. All rights reserved.