ssl – SSL record layer
bind -a #D /net
The SSL device provides the interface to the Secure Socket Layer
device implementing the record layer protocol of SSLv2 (but not
the handshake protocol, which is responsible for mutual authentication
and key exchange). The ssl device can be thought of as a filter
providing optional encryption and anti-tampering.
The top level directory contains a clone file and subdirectories numbered from zero to the number of connections configured. Opening the clone file reserves a connection. The file descriptor returned from the open(2) will point to the control file, ctl, of the newly allocated connection. Reading the ctl file returns a text string representing the number of the connection.
A connection is controlled by writing text strings to the associated ctl file. After a connection has been established data may be read from and written to the data file.
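The clone step described above, as an added example in POSIX-style C (it is not part of the original manual page). The function name ssl_reserve and the root directory /net/ssl are assumptions; only the clone, ctl and data file names come from the text.

```c
/* Added example: reserve an ssl connection through the clone file. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Open <root>/clone; the descriptor returned refers to the ctl file of the
 * newly reserved connection. Read the connection number from it and build
 * the path of the matching data file.
 * root is the directory holding clone (assumed /net/ssl on a real system).
 * Returns the ctl descriptor (keep it open, control messages are written
 * to it) or -1 on error.
 */
int ssl_reserve(const char *root, int *conn, char *datapath, size_t len)
{
    char path[256], num[32];
    size_t digits;
    ssize_t n;
    int ctl, r;

    r = snprintf(path, sizeof path, "%s/clone", root);
    if (r < 0 || (size_t)r >= sizeof path)
        return -1;
    ctl = open(path, O_RDWR);
    if (ctl < 0)
        return -1;
    n = read(ctl, num, sizeof num - 1);
    if (n <= 0)
        goto fail;
    num[n] = '\0';
    /* The number becomes a path component: accept decimal digits only. */
    digits = strspn(num, "0123456789");
    if (digits == 0 || digits > 9 || (num[digits] != '\0' && num[digits] != '\n'))
        goto fail;
    num[digits] = '\0';
    r = snprintf(datapath, len, "%s/%s/data", root, num);
    if (r < 0 || (size_t)r >= len)
        goto fail;
    *conn = atoi(num);
    return ctl;
fail:
    close(ctl);
    return -1;
}
```

Closing the returned descriptor is left to the caller once the connection is no longer needed.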
The SSL protocol provides a stream connection that preserves read/write boundaries. As long as reads always specify buffers that are of equal or greater lengths than the writes at the other end of the connection, one write will correspond to one read.
Options are set by writing control messages to the ctl file of the connection.
The following control messages are supported:
The encryption and hash algorithms actually included in the kernel
may be smaller than the set presented here. Reading encalgs and
hashalgs will give the actual space-separated list of algorithms.
Messages longer than 4096 bytes are truncated.