Synopsis

bind '#D' /n/ssl
/n/ssl/data
/n/ssl/ctl
/n/ssl/secretin
/n/ssl/secretout

Writing to /n/ssl/ctl controls the ssl device. The following control messages are possible:

fd n	Associate the network connection on file descriptor n with the ssl device.
alg clear	Allow data to pass in the clear with only message delimiters added. The device starts in this mode.
alg sha	Append a sha digest to each buffer written to /n/ssl/data. The digest covers the outgoing secret (written to /n/ssl/secretout), the message, and a message number which starts at 0 and increments by one each message. Messages read have their appended digests compared to a digest computed using the incoming secret (written to /n/ssl/secretin). If the comparison fails, so will the read.
alg md5	Like sha but using the md5 message digest.
alg rc4	RC4 encrypt each message written to /n/ssl/data with the key written to /n/ssl/secretout.
Decrypt	Incoming messages with the key written to /n/ssl/secretin.
alg descbc	Available only in the commercial product
alg desecb	Available only in the commercial product

Files /n/ssl/secretin and /n/ssl/secretout must be written before the digesting or encryption is turned on. If only one is written, they are both assumed to be the same.

The mode may be changed at any time during a connection.

See Also

B. Schneier, Applied Cryptography, 1996, J. Wiley & Sons, Inc.