<othercredit role="translator"><firstname>Malcolm</firstname><surname>Hunter</surname><affiliation><address><email>malcolm.hunter@gmx.co.uk</email></address></affiliation><contrib>Conversion to British English</contrib></othercredit>
<warning><para>All encryption schemes are only as strong as their weakest link. In general, unless you have some previous training/knowledge, it is better to leave this module unchanged.</para></warning>
<para>The options within this module can be divided into two groups:</para>
<para>Two options along the bottom of the module, <guilabel>Warn on entering SSL Mode</guilabel> and <guilabel>Warn on leaving SSL mode</guilabel>, allow you to determine if &kde; should inform you when you enter or leave SSL encryption.</para>
<para>The remainder of the options are about determining which encryption methods to use, and which should not be used. Once you have selected the appropriate encryption protocols, simply click <guibutton>Apply</guibutton> to commit your changes.</para>
<tip><para>Only make changes to this module if specific information about the strength or weakness of a particular encryption method is given to you from <emphasis>a reliable source</emphasis>.</para></tip>
<para>The first option is <guilabel>Enable TLS support if supported by the server</guilabel>. <acronym>TLS</acronym> is Transport Layer Security, and is the newest version of <acronym>SSL</acronym>. It integrates better than <acronym>SSL</acronym> with other protocols, and it has replaced <acronym>SSL</acronym> in protocols such as POP3 and <acronym>SMTP</acronym>.</para>
<para>Then next options are <guilabel>Enable SSL v2</guilabel> and <guilabel>Enable SSL v3</guilabel>. These are the second and third revision of the <acronym>SSL</acronym> protocol, and it is normal to enable both.</para>
<para>There are several different <firstterm>Ciphers</firstterm> available, and you can enable these separately in the lists labelled <guilabel>SSL v2 Ciphers to Use</guilabel> and <guilabel>SSL v3 Ciphers to Use</guilabel>. The actual protocol to use is negotiated by the application and the server when the connection is created.</para>
<para>There are several <guilabel>Cipher Wizards</guilabel> to help you choose a set that is suitable for your use.</para>
<para>If selected, <application>OpenSSL</application> will be asked to use the entropy gathering daemon (<acronym>EGD</acronym>) for initialising the pseudo-random number generator.</para>
<para>If selected, <application>OpenSSL</application> will be asked to use the given file as entropy for initialising the pseudo-random number generator.</para>
<para>Here you can test if your <application>OpenSSL</application> libraries have been detected correctly by &kde;, with the <guibutton>Test</guibutton> button.</para>
<para>If the test is unsuccessful, you can specify a path to the libraries in the field labelled <guilabel>Path to OpenSSL Shared Libraries</guilabel>.</para>
