You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
316 lines
6.4 KiB
316 lines
6.4 KiB
13 years ago
|
<?xml version="1.0" ?>
|
||
|
<!DOCTYPE article PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
|
||
|
"dtd/kdex.dtd" [
|
||
|
<!ENTITY % addindex "IGNORE">
|
||
|
<!ENTITY % British-English "INCLUDE"
|
||
|
> <!-- change language only here -->
|
||
|
]>
|
||
|
|
||
|
<article lang="&language;">
|
||
|
<articleinfo>
|
||
|
|
||
|
<authorgroup>
|
||
|
<author
|
||
|
>&Mike.McBride; &Mike.McBride.mail;</author>
|
||
|
<othercredit role="translator"
|
||
|
><firstname
|
||
|
>Malcolm</firstname
|
||
|
><surname
|
||
|
>Hunter</surname
|
||
|
><affiliation
|
||
|
><address
|
||
|
><email
|
||
|
>malcolm.hunter@gmx.co.uk</email
|
||
|
></address
|
||
|
></affiliation
|
||
|
><contrib
|
||
|
>Conversion to British English</contrib
|
||
|
></othercredit
|
||
|
>
|
||
|
</authorgroup>
|
||
|
|
||
|
<date
|
||
|
>2002-10-17</date>
|
||
|
<releaseinfo
|
||
|
>3.1</releaseinfo>
|
||
|
|
||
|
<keywordset>
|
||
|
<keyword
|
||
|
>KDE</keyword>
|
||
|
<keyword
|
||
|
>KControl</keyword>
|
||
|
<keyword
|
||
|
>crypto</keyword>
|
||
|
<keyword
|
||
|
>SSL</keyword>
|
||
|
<keyword
|
||
|
>encryption</keyword>
|
||
|
|
||
|
</keywordset>
|
||
|
</articleinfo>
|
||
|
|
||
|
<sect1 id="crypto">
|
||
|
|
||
|
<title
|
||
|
>Encryption Configuration</title>
|
||
|
|
||
|
<sect2 id="crypto-intro">
|
||
|
<title
|
||
|
>Introduction</title>
|
||
|
<para
|
||
|
>Many applications within &kde; are capable of exchanging information using encrypted files and/or network transmissions.</para>
|
||
|
</sect2>
|
||
|
|
||
|
<sect2 id="crypto-use">
|
||
|
<title
|
||
|
>Use</title>
|
||
|
|
||
|
<warning
|
||
|
><para
|
||
|
>All encryption schemes are only as strong as their weakest link. In general, unless you have some previous training/knowledge, it is better to leave this module unchanged.</para
|
||
|
></warning>
|
||
|
|
||
|
<para
|
||
|
>The options within this module can be divided into two groups:</para>
|
||
|
|
||
|
<para
|
||
|
>Two options along the bottom of the module, <guilabel
|
||
|
>Warn on entering SSL Mode</guilabel
|
||
|
> and <guilabel
|
||
|
>Warn on leaving SSL mode</guilabel
|
||
|
>, allow you to determine if &kde; should inform you when you enter or leave SSL encryption.</para
|
||
|
>
|
||
|
|
||
|
<para
|
||
|
>The remainder of the options are about determining which encryption methods to use, and which should not be used. Once you have selected the appropriate encryption protocols, simply click <guibutton
|
||
|
>Apply</guibutton
|
||
|
> to commit your changes.</para>
|
||
|
|
||
|
<tip
|
||
|
><para
|
||
|
>Only make changes to this module if specific information about the strength or weakness of a particular encryption method is given to you from <emphasis
|
||
|
>a reliable source</emphasis
|
||
|
>.</para
|
||
|
></tip>
|
||
|
|
||
|
</sect2>
|
||
|
|
||
|
<!-- Ugh.. write a bunch of stuff about the rest of it -->
|
||
|
<sect2 id="ssl_tab">
|
||
|
<title
|
||
|
>The <guilabel
|
||
|
>SSL</guilabel
|
||
|
> Tab</title>
|
||
|
|
||
|
<para
|
||
|
>The first option is <guilabel
|
||
|
>Enable TLS support if supported by the server</guilabel
|
||
|
>. <acronym
|
||
|
>TLS</acronym
|
||
|
> is Transport Layer Security, and is the newest version of <acronym
|
||
|
>SSL</acronym
|
||
|
>. It integrates better than <acronym
|
||
|
>SSL</acronym
|
||
|
> with other protocols, and it has replaced <acronym
|
||
|
>SSL</acronym
|
||
|
> in protocols such as POP3 and <acronym
|
||
|
>SMTP</acronym
|
||
|
>.</para>
|
||
|
|
||
|
<para
|
||
|
>Then next options are <guilabel
|
||
|
>Enable SSL v2</guilabel
|
||
|
> and <guilabel
|
||
|
>Enable SSL v3</guilabel
|
||
|
>. These are the second and third revision of the <acronym
|
||
|
>SSL</acronym
|
||
|
> protocol, and it is normal to enable both.</para>
|
||
|
|
||
|
<para
|
||
|
>There are several different <firstterm
|
||
|
>Ciphers</firstterm
|
||
|
> available, and you can enable these separately in the lists labelled <guilabel
|
||
|
>SSL v2 Ciphers to Use</guilabel
|
||
|
> and <guilabel
|
||
|
>SSL v3 Ciphers to Use</guilabel
|
||
|
>. The actual protocol to use is negotiated by the application and the server when the connection is created.</para>
|
||
|
|
||
|
<para
|
||
|
>There are several <guilabel
|
||
|
>Cipher Wizards</guilabel
|
||
|
> to help you choose a set that is suitable for your use.</para>
|
||
|
|
||
|
<variablelist>
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guibutton
|
||
|
>Most Compatible</guibutton
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>Select the settings found to be most compatible with the most servers.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guibutton
|
||
|
>US Ciphers Only</guibutton
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>Select only the US <quote
|
||
|
>strong</quote
|
||
|
> (128 bit or greater) ciphers.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guibutton
|
||
|
>Export Ciphers Only</guibutton
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>Select only the weak (56 bit or less) ciphers.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guibutton
|
||
|
>Enable All</guibutton
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>Select all ciphers and methods.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
</variablelist>
|
||
|
|
||
|
<para
|
||
|
>Finally, there are some general <acronym
|
||
|
>SSL</acronym
|
||
|
> settings.</para>
|
||
|
|
||
|
<variablelist>
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guilabel
|
||
|
>Use EGD</guilabel
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>If selected, <application
|
||
|
>OpenSSL</application
|
||
|
> will be asked to use the entropy gathering daemon (<acronym
|
||
|
>EGD</acronym
|
||
|
>) for initialising the pseudo-random number generator.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guilabel
|
||
|
>Use entropy file</guilabel
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>If selected, <application
|
||
|
>OpenSSL</application
|
||
|
> will be asked to use the given file as entropy for initialising the pseudo-random number generator.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guilabel
|
||
|
>Warn on entering SSL mode</guilabel
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>If selected, you will be notified when entering an <acronym
|
||
|
>SSL</acronym
|
||
|
> enabled site.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guilabel
|
||
|
>Warn on leaving SSL mode</guilabel
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>If selected, you will be notified when leaving an <acronym
|
||
|
>SSL</acronym
|
||
|
> based site.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term
|
||
|
><guilabel
|
||
|
>Warn on sending unencrypted data</guilabel
|
||
|
></term>
|
||
|
<listitem>
|
||
|
<para
|
||
|
>If selected, you will be notified before sending unencrypted data via a web browser.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
</variablelist>
|
||
|
</sect2>
|
||
|
|
||
|
<sect2 id="openssl">
|
||
|
<title
|
||
|
>The <guilabel
|
||
|
>OpenSSL</guilabel
|
||
|
> Tab</title>
|
||
|
|
||
|
<para
|
||
|
>Here you can test if your <application
|
||
|
>OpenSSL</application
|
||
|
> libraries have been detected correctly by &kde;, with the <guibutton
|
||
|
>Test</guibutton
|
||
|
> button.</para>
|
||
|
|
||
|
<para
|
||
|
>If the test is unsuccessful, you can specify a path to the libraries in the field labelled <guilabel
|
||
|
>Path to OpenSSL Shared Libraries</guilabel
|
||
|
>.</para>
|
||
|
|
||
|
</sect2>
|
||
|
|
||
|
<sect2 id="your-certificates">
|
||
|
<title
|
||
|
>The <guilabel
|
||
|
>Your Certificates</guilabel
|
||
|
> Tab</title>
|
||
|
|
||
|
<para
|
||
|
>The list shows which certificates of yours &kde; knows about. You can easily manage them from here.</para>
|
||
|
|
||
|
</sect2>
|
||
|
|
||
|
<sect2 id="authentication">
|
||
|
<title
|
||
|
>The <guilabel
|
||
|
>Authentication</guilabel
|
||
|
> Tab</title>
|
||
|
|
||
|
<para
|
||
|
>Not yet documented </para>
|
||
|
</sect2>
|
||
|
|
||
|
<sect2 id="peer-ssl-certificates">
|
||
|
<title
|
||
|
>The <guilabel
|
||
|
>Peer SSL Certificates</guilabel
|
||
|
> Tab</title>
|
||
|
|
||
|
<para
|
||
|
>The list box shows which site and personal certificates &kde; knows about. You can easily manage them from here.</para>
|
||
|
|
||
|
</sect2>
|
||
|
|
||
|
</sect1>
|
||
|
|
||
|
</article>
|