ssl \- SSL record layer
.BI /net/ssl/ n /encalgs
.BI /net/ssl/ n /hashalgs
.BI /net/ssl/ n /secretin
.BI /net/ssl/ n /secretout
The SSL device provides the interface to the Secure Sockets Layer
device implementing the record layer protocol of SSLv2
(but not the handshake protocol, which is responsible for
mutual authentication and key exchange; the secrets a handshake
would negotiate must instead be agreed upon by other means and
loaded through the control interface described below).
The
.B ssl
device can be thought of as a filter providing optional encryption
and digesting of the messages passing over a connection.
The top level directory contains a
file and subdirectories numbered from zero to the number of connections
in use. Opening that
file reserves a connection. The file descriptor returned from the
open call will point to the control file
of the newly allocated connection. Reading the
control file yields a text string representing the number of the
connection, and hence the name of its subdirectory.
A connection is controlled by writing text strings to the associated
control file. After a connection has been established data may be read from
and written to the data file.
The SSL protocol provides a stream connection that preserves
message boundaries. As long as reads always specify buffers that are
of equal or greater length than the writes at the other end of the
connection, one write will correspond to one read.
Writers should keep each message within 4096 bytes, since longer
messages are truncated.
Options are set by writing control messages to the
control file of the connection.
The following control messages are supported:
.BI fd \ open-file-descriptor
Run the SSL protocol over the existing file descriptor.
.BI alg \ mode
Set the mode of the connection. The default mode applies
no encryption or digesting.
Writing
.B alg sha
to the control file turns on SHA-1 digest authentication of each
message; writing
.B alg rc4_128
turns on RC4 encryption.
Both can be turned on at once by
.BR "alg sha rc4_128" .
Note that RC4 and SHA-1 are both considered weak by current
cryptographic standards.
The mode may be changed at any time during the connection.
.BI secretin \ base64-secret
The secret used to decrypt and authenticate incoming messages
can be specified either as a base64 encoded string by writing to the
control file, or as a binary byte string using the interface below.
.BI secretout \ base64-secret
The secret used to encrypt and digest outgoing messages
can be specified either as a base64 encoded string by writing to the
control file, or as a binary byte string using the interface below.
Before enabling digesting or encryption, shared secrets must be agreed upon with
the remote side, one for each direction of transmission,
and loaded as shown above or by writing the raw binary secret to the files
.B secretin
and
.BR secretout .
The directions are named from the local side's point of view:
this side's outgoing secret is the remote side's incoming secret.
If only one of the incoming or outgoing secrets is specified, it
is used for both directions.
The encryption and hash algorithms actually included in the kernel
may be a subset of the set presented here. Reading a connection's
.B encalgs
and
.B hashalgs
files gives the actual space-separated lists of algorithms implemented;
a program should check those lists rather than this page before
requesting a mode.
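The following added example (not part of this manual page nor of the Plan 9 source tree) walks through the sequence above from user space: open the clone file, read the connection number back from the control file, run the connection over an existing descriptor with fd, load the base64 secrets, check the requested algorithms against encalgs and hashalgs before writing alg, then open the data file, refusing any message the device would truncate. It is written in Python so that it can be run against a constructed stand-in for the device tree on any system; the /net/ssl mount point is assumed, and the names ssl_attach, SslConn, MAX_MSG, make_fake_tree and demo are this example's own.

```python
"""Driving the ssl(3) control interface from user space.

Added example, not code from the manual page or the Plan 9 distribution.
Assumes the device is bound at /net/ssl (overridable via `root` so the
sequence can run against a constructed tree off Plan 9), that the caller
already holds a connected descriptor, and that the secrets were agreed
with the peer out of band.  All names here are this example's own.
"""
import base64
import os
import tempfile

MAX_MSG = 4096  # the device truncates longer messages, so refuse them up front


def _words(path):
    """Space-separated algorithm list as published by encalgs/hashalgs."""
    with open(path) as f:
        return set(f.read().split())


class SslConn:
    """An allocated /net/ssl/n connection.  The ctl fd obtained by opening
    clone is kept open for the connection's lifetime."""

    def __init__(self, ctl_fd, num):
        self.ctl_fd, self.num, self.data_fd = ctl_fd, num, None
        self.ctl_log = []                    # control messages sent, in order

    def ctl(self, msg):
        os.write(self.ctl_fd, msg.encode())  # one write per control message
        self.ctl_log.append(msg)

    def send(self, msg):
        """One write is one message on the wire; never let it be truncated."""
        if len(msg) > MAX_MSG:
            raise ValueError(f"{len(msg)}-byte message exceeds {MAX_MSG}")
        return os.write(self.data_fd, msg)

    def recv(self, bufsize=MAX_MSG):
        """Read one message; size the buffer for the largest the peer writes."""
        return os.read(self.data_fd, bufsize)

    def close(self):
        for fd in (self.data_fd, self.ctl_fd):
            if fd is not None:
                os.close(fd)


def ssl_attach(fd, alg, secret_in, secret_out=None, root="/net/ssl"):
    """Reserve a connection, run it over `fd`, load secrets, enable `alg`.

    `alg` is the mode string, e.g. "sha rc4_128".  With secret_out=None
    only secretin is written and the device uses it for both directions.
    """
    ctl_fd = os.open(f"{root}/clone", os.O_RDWR)    # reserves a connection
    try:
        num = os.read(ctl_fd, 32).decode().strip()   # ctl reads back its number
        cdir = f"{root}/{num}"
        # Verify the request against what this kernel actually implements.
        known = _words(f"{cdir}/encalgs") | _words(f"{cdir}/hashalgs")
        missing = [w for w in alg.split() if w not in known]
        if missing:
            raise ValueError(f"kernel does not implement {missing}")
        conn = SslConn(ctl_fd, num)
        conn.ctl(f"fd {fd}")
        # Secrets must be in place before digesting/encryption is switched on.
        conn.ctl("secretin " + base64.b64encode(secret_in).decode())
        if secret_out is not None:
            conn.ctl("secretout " + base64.b64encode(secret_out).decode())
        conn.ctl(f"alg {alg}")
        conn.data_fd = os.open(f"{cdir}/data", os.O_RDWR)
        return conn
    except BaseException:
        os.close(ctl_fd)
        raise


def make_fake_tree(root):
    """Constructed stand-in for the device tree, for running off Plan 9.
    Plain files: reading clone yields "0" and ctl writes land in that file.
    The algorithm lists hold only the two names the manual page uses."""
    os.makedirs(f"{root}/0")
    for name, text in {"clone": "0", "0/ctl": "", "0/data": "",
                       "0/encalgs": "rc4_128", "0/hashalgs": "sha"}.items():
        with open(f"{root}/{name}", "w") as f:
            f.write(text)


def demo():
    """Run the sequence on fake trees; return (ctl messages, two refusals)."""
    with tempfile.TemporaryDirectory() as root:
        make_fake_tree(root)
        conn = ssl_attach(7, "sha rc4_128", b"k1", b"k2", root=root)
        sent = list(conn.ctl_log)
        try:
            conn.send(b"x" * (MAX_MSG + 1))
            oversize_refused = False
        except ValueError:
            oversize_refused = True
        conn.close()
    with tempfile.TemporaryDirectory() as root:
        make_fake_tree(root)
        try:
            ssl_attach(7, "md5", b"k1", root=root)  # md5 absent from fake lists
            unknown_refused = False
        except ValueError:
            unknown_refused = True
    return sent, oversize_refused, unknown_refused


if __name__ == "__main__":
    print(demo())
```

On Plan 9 itself the same open/read/write sequence is what libc's pushssl(2) performs; the points this version makes explicit are the ordering (secrets are written before alg) and the check of the connection's own encalgs and hashalgs files rather than the list in this page. Control messages are sent one per write, without a trailing newline, and the data-side wrapper applies the 4096-byte limit before the device can silently truncate.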
.B /sys/src/9/port/devssl.c
Messages longer than 4096 bytes are truncated.