|
|
|
<?xml version="1.0" ?>
|
|
|
|
<!DOCTYPE article PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
|
|
|
|
"dtd/kdex.dtd" [
|
|
|
|
<!ENTITY % addindex "IGNORE">
|
|
|
|
<!ENTITY % English "INCLUDE" > <!-- change language only here -->
|
|
|
|
]>
|
|
|
|
|
|
|
|
<article lang="&language;">
|
|
|
|
<articleinfo>
|
|
|
|
|
|
|
|
<authorgroup>
|
|
|
|
<author>&Mike.McBride; &Mike.McBride.mail;</author>
|
|
|
|
<!-- TRANS:ROLES_OF_TRANSLATORS -->
|
|
|
|
</authorgroup>
|
|
|
|
|
|
|
|
<date>2002-10-17</date>
|
|
|
|
<releaseinfo>3.1</releaseinfo>
|
|
|
|
|
|
|
|
<keywordset>
|
|
|
|
<keyword>KDE</keyword>
|
|
|
|
<keyword>KControl</keyword>
|
|
|
|
<keyword>crypto</keyword>
|
|
|
|
<keyword>SSL</keyword>
|
|
|
|
<keyword>encryption</keyword>
|
|
|
|
|
|
|
|
</keywordset>
|
|
|
|
</articleinfo>
|
|
|
|
|
|
|
|
<sect1 id="crypto">
|
|
|
|
|
|
|
|
<title>Encryption Configuration</title>
|
|
|
|
|
|
|
|
<sect2 id="crypto-intro">
|
|
|
|
<title>Introduction</title>
|
|
|
|
<para>Many applications within &tde; are capable of exchanging information using
|
|
|
|
encrypted files and/or network transmissions.</para>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2 id="crypto-use">
|
|
|
|
<title>Use</title>
|
|
|
|
|
|
|
|
<warning><para>All encryption schemes are only as strong as their
|
|
|
|
weakest link. In general, unless you have some previous
|
|
|
|
training/knowledge, it is better to leave this module
|
|
|
|
unchanged.</para></warning>
|
|
|
|
|
|
|
|
<para>The options within this module can be divided into two
|
|
|
|
groups:</para>
|
|
|
|
|
|
|
|
<para>Two options along the bottom of the module, <guilabel>Warn on
|
|
|
|
entering SSL Mode</guilabel> and <guilabel>Warn on leaving SSL
|
|
|
|
mode</guilabel>, allow you to determine if &tde; should inform you when
|
|
|
|
you enter or leave SSL encryption.</para>
|
|
|
|
|
|
|
|
<para>The remainder of the options are about determining which
|
|
|
|
encryption methods to use, and which should not be used. Once you have
|
|
|
|
selected the appropriate encryption protocols, simply click
|
|
|
|
<guibutton>Apply</guibutton> to commit your changes.</para>
|
|
|
|
|
|
|
|
<tip><para>Only make changes to this module if specific information
|
|
|
|
about the strength or weakness of a particular encryption method is
|
|
|
|
given to you from <emphasis>a reliable source</emphasis>.</para></tip>
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<!-- Ugh.. write a bunch of stuff about the rest of it -->
|
|
|
|
<sect2 id="ssl_tab">
|
|
|
|
<title>The <guilabel>SSL</guilabel> Tab</title>
|
|
|
|
|
|
|
|
<para>The first option is <guilabel>Enable TLS support if supported by
|
|
|
|
the server</guilabel>. <acronym>TLS</acronym> is Transport Layer
|
|
|
|
Security, and is the newest version of <acronym>SSL</acronym>. It
|
|
|
|
integrates better than <acronym>SSL</acronym> with other protocols,
|
|
|
|
and it has replaced <acronym>SSL</acronym> in protocols such as POP3
|
|
|
|
and <acronym>SMTP</acronym>.</para>
|
|
|
|
|
|
|
|
<para>Then next options are <guilabel>Enable SSL v2</guilabel> and
|
|
|
|
<guilabel>Enable SSL v3</guilabel>. These are the second and third
|
|
|
|
revision of the <acronym>SSL</acronym> protocol, and it is normal to
|
|
|
|
enable both.</para>
|
|
|
|
|
|
|
|
<para>There are several different <firstterm>Ciphers</firstterm>
|
|
|
|
available, and you can enable these separately in the lists labeled
|
|
|
|
<guilabel>SSL v2 Ciphers to Use</guilabel> and <guilabel>SSL v3
|
|
|
|
Ciphers to Use</guilabel>. The actual protocol to use is negotiated
|
|
|
|
by the application and the server when the connection is
|
|
|
|
created.</para>
|
|
|
|
|
|
|
|
<para>There are several <guilabel>Cipher Wizards</guilabel> to help
|
|
|
|
you choose a set that is suitable for your use.</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term><guibutton>Most Compatible</guibutton></term>
|
|
|
|
<listitem>
|
|
|
|
<para>Select the settings found to be most compatible with the most
|
|
|
|
servers.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term><guibutton>US Ciphers Only</guibutton></term>
|
|
|
|
<listitem>
|
|
|
|
<para>Select only the US <quote>strong</quote> (128 bit or greater)
|
|
|
|
ciphers.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term><guibutton>Export Ciphers Only</guibutton></term>
|
|
|
|
<listitem>
|
|
|
|
<para>Select only the weak (56 bit or less) ciphers.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term><guibutton>Enable All</guibutton></term>
|
|
|
|
<listitem>
|
|
|
|
<para>Select all ciphers and methods.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
|
|
|
|
<para>Finally, there are some general <acronym>SSL</acronym> settings.</para>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term><guilabel>Use EGD</guilabel></term>
|
|
|
|
<listitem>
|
|
|
|
<para>If selected, <application>OpenSSL</application> will be asked to
|
|
|
|
use the entropy gathering daemon (<acronym>EGD</acronym>) for
|
|
|
|
initializing the pseudo-random number generator.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><guilabel>Use entropy file</guilabel></term>
|
|
|
|
<listitem>
|
|
|
|
<para>If selected, <application>OpenSSL</application> will be asked to
|
|
|
|
use the given file as entropy for initializing the pseudo-random number
|
|
|
|
generator.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><guilabel>Warn on entering SSL mode</guilabel></term>
|
|
|
|
<listitem>
|
|
|
|
<para>If selected, you will be notified when entering an
|
|
|
|
<acronym>SSL</acronym> enabled site.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><guilabel>Warn on leaving SSL mode</guilabel></term>
|
|
|
|
<listitem>
|
|
|
|
<para>If selected, you will be notified when leaving an
|
|
|
|
<acronym>SSL</acronym> based site.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><guilabel>Warn on sending unencrypted data</guilabel></term>
|
|
|
|
<listitem>
|
|
|
|
<para>If selected, you will be notified before sending unencrypted
|
|
|
|
data via a web browser.</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2 id="openssl">
|
|
|
|
<title>The <guilabel>OpenSSL</guilabel> Tab</title>
|
|
|
|
|
|
|
|
<para>Here you can test if your <application>OpenSSL</application>
|
|
|
|
libraries have been detected correctly by &tde;, with the
|
|
|
|
<guibutton>Test</guibutton> button.</para>
|
|
|
|
|
|
|
|
<para>If the test is unsuccessful, you can specify a path to the
|
|
|
|
libraries in the field labelled <guilabel>Path to OpenSSL Shared
|
|
|
|
Libraries</guilabel>.</para>
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2 id="your-certificates">
|
|
|
|
<title>The <guilabel>Your Certificates</guilabel> Tab</title>
|
|
|
|
|
|
|
|
<para>The list shows which certificates of yours &tde; knows about.
|
|
|
|
You can easily manage them from here.</para>
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2 id="authentication">
|
|
|
|
<title>The <guilabel>Authentication</guilabel> Tab</title>
|
|
|
|
|
|
|
|
<para>Not yet documented<!-- No "what's this" to get any info from --></para>
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2 id="peer-ssl-certificates">
|
|
|
|
<title>The <guilabel>Peer SSL Certificates</guilabel> Tab</title>
|
|
|
|
|
|
|
|
<para>The list box shows which site and personal certificates &tde;
|
|
|
|
knows about. You can easily manage them from here.</para>
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
</sect1>
|
|
|
|
|
|
|
|
</article>
|