man(1) Manual page archive

     SSL(3)                                                     SSL(3)

          ssl - secure sockets layer device

          bind '#D' /n/ssl


          The ssl device provides access to a Secure Socket Layer that
          implements the record layer protocol of SSLv2.  The device
          provides encrypting and digesting for many independent con-
          nections.  Once associated with a network connection, the
          ssl device can be thought of as a filter for the connection.
          Ssl can send data in the clear, digested or encrypted. In
          all cases, if ssl is associated with both ends of a connec-
          tion, all messages are delimited.  As long as reads always
          specify buffers that are of equal or greater lengths than
          the writes at the other end of the connection, one write
          will correspond to one read.

          The top-level directory contains a clone file and numbered
          directories, each representing a connection.  Opening the
          clone file reserves a connection; the file descriptor
          resulting from the sys-open(2) will be open on the control
          file, ctl, in the directory that represents the new connec-
          tion.  Reading the control file will return a text string
          giving the connection number (and thus the directory name).

          Writing to ctl controls the corresponding connection.  The
          following control messages are possible:

          fd n Associate the network connection on file descriptor n
               with the ssl device.

          alg clear
               Allow data to pass in the clear with only message
               delimiters added. The device starts in this mode.

          alg sha
               Append a SHA digest to each buffer written to data.
               The digest covers the outgoing secret (written to
               secretout), the message, and a message number which
               starts at 0 and increments by one for each message.
               Messages read have their appended digests compared to a

     SSL(3)                                                     SSL(3)

               digest computed using the incoming secret (written to
               secretin).  If the comparison fails, so will the read.

          alg md4
               Like sha but using the MD4 message digest algorithm.

          alg md5
               Like sha but using the MD5 message digest algorithm.

          alg rc4
          alg rc4_40
          alg rc4_128
          alg rc4_256
               RC4 encrypt each message written to data with the key
               written to secretout, using the key length as indicated
               (40-bit keys by default).

          alg des_56_cbc
               Encrypt the stream using DES and Cipher Block Chaining

          alg des_56_ecb
               Encrypt the stream using DES and Electronic Code Book

          alg ideacbc
               Encrypt the stream using IDEA and CBC

          alg ideaecb
               Encrypt the stream using IDEA and ECB

          alg digest/crypt
               Combine the use of the given digest algorithm and the
               stream encryption algorithm crypt

          Files secretin and secretout must be written before digest-
          ing or encryption is turned on. If only one is written, they
          are both assumed to be the same.

          The mode may be changed at any time during a connection.

          The list of algorithms supported by a given implementation
          of ssl may be read from the read-only text files encalgs
          (encryption algorithms) and hashalgs (hashing algorithms for
          digests).  Each contains a space-separated list of algorithm

          B. Schneier, Applied Cryptography , 1996, J. Wiley & Sons,