<?xml version="1.0" ?>
<!DOCTYPE article PUBLIC "-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
"dtd/kdex.dtd" [
<!ENTITY % addindex "IGNORE">
<!ENTITY % British-English "INCLUDE"> <!-- change language only here -->
]>
<article lang="&language;">
<articleinfo>
<authorgroup>
<author>&Mike.McBride; &Mike.McBride.mail;</author>
<othercredit role="translator"><firstname>Malcolm</firstname><surname>Hunter</surname><affiliation><address><email>malcolm.hunter@gmx.co.uk</email></address></affiliation><contrib>Conversion to British English</contrib></othercredit>
</authorgroup>
<date>2002-10-17</date>
<releaseinfo>3.1</releaseinfo>
<keywordset>
<keyword>KDE</keyword>
<keyword>KControl</keyword>
<keyword>crypto</keyword>
<keyword>SSL</keyword>
<keyword>encryption</keyword>
</keywordset>
</articleinfo>
<sect1 id="crypto">
<title>Encryption Configuration</title>
<sect2 id="crypto-intro">
<title>Introduction</title>
<para>Many applications within &kde; are capable of exchanging information using encrypted files and/or network transmissions.</para>
</sect2>
<sect2 id="crypto-use">
<title>Use</title>
<warning><para>All encryption schemes are only as strong as their weakest link. In general, unless you have some previous training/knowledge, it is better to leave this module unchanged.</para></warning>
<para>The options within this module can be divided into two groups:</para>
<para>Two options along the bottom of the module, <guilabel>Warn on entering SSL mode</guilabel> and <guilabel>Warn on leaving SSL mode</guilabel>, allow you to determine whether &kde; should inform you when you enter or leave SSL encryption.</para>
<para>The remainder of the options are about determining which encryption methods to use, and which should not be used. Once you have selected the appropriate encryption protocols, simply click <guibutton>Apply</guibutton> to commit your changes.</para>
<tip><para>Only make changes to this module if specific information about the strength or weakness of a particular encryption method is given to you from <emphasis>a reliable source</emphasis>.</para></tip>
</sect2>
<!-- Ugh.. write a bunch of stuff about the rest of it -->
<sect2 id="ssl_tab">
<title>The <guilabel>SSL</guilabel> Tab</title>
<para>The first option is <guilabel>Enable TLS support if supported by the server</guilabel>. <acronym>TLS</acronym> is Transport Layer Security, and is the newest version of <acronym>SSL</acronym>. It integrates better than <acronym>SSL</acronym> with other protocols, and it has replaced <acronym>SSL</acronym> in protocols such as POP3 and <acronym>SMTP</acronym>.</para>
<para>The next options are <guilabel>Enable SSL v2</guilabel> and <guilabel>Enable SSL v3</guilabel>. These are the second and third revisions of the <acronym>SSL</acronym> protocol, and it is normal to enable both.</para>
<para>There are several different <firstterm>Ciphers</firstterm> available, and you can enable these separately in the lists labelled <guilabel>SSL v2 Ciphers to Use</guilabel> and <guilabel>SSL v3 Ciphers to Use</guilabel>. The actual protocol to use is negotiated by the application and the server when the connection is created.</para>
<para>There are several <guilabel>Cipher Wizards</guilabel> to help you choose a set that is suitable for your use.</para>
<variablelist>
<varlistentry>
<term><guibutton>Most Compatible</guibutton></term>
<listitem>
<para>Select the settings found to be compatible with the most servers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guibutton>US Ciphers Only</guibutton></term>
<listitem>
<para>Select only the US <quote>strong</quote> (128 bit or greater) ciphers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guibutton>Export Ciphers Only</guibutton></term>
<listitem>
<para>Select only the weak (56 bit or less) ciphers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guibutton>Enable All</guibutton></term>
<listitem>
<para>Select all ciphers and methods.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Finally, there are some general <acronym>SSL</acronym> settings.</para>
<variablelist>
<varlistentry>
<term><guilabel>Use EGD</guilabel></term>
<listitem>
<para>If selected, <application>OpenSSL</application> will be asked to use the entropy gathering daemon (<acronym>EGD</acronym>) for initialising the pseudo-random number generator.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Use entropy file</guilabel></term>
<listitem>
<para>If selected, <application>OpenSSL</application> will be asked to use the given file as entropy for initialising the pseudo-random number generator.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Warn on entering SSL mode</guilabel></term>
<listitem>
<para>If selected, you will be notified when entering an <acronym>SSL</acronym> enabled site.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Warn on leaving SSL mode</guilabel></term>
<listitem>
<para>If selected, you will be notified when leaving an <acronym>SSL</acronym> based site.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><guilabel>Warn on sending unencrypted data</guilabel></term>
<listitem>
<para>If selected, you will be notified before sending unencrypted data via a web browser.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2 id="openssl">
<title>The <guilabel>OpenSSL</guilabel> Tab</title>
<para>Here you can test if your <application>OpenSSL</application> libraries have been detected correctly by &kde;, with the <guibutton>Test</guibutton> button.</para>
<para>If the test is unsuccessful, you can specify a path to the libraries in the field labelled <guilabel>Path to OpenSSL Shared Libraries</guilabel>.</para>
</sect2>
<sect2 id="your-certificates">
<title>The <guilabel>Your Certificates</guilabel> Tab</title>
<para>The list shows which certificates of yours &kde; knows about. You can easily manage them from here.</para>
</sect2>
<sect2 id="authentication">
<title>The <guilabel>Authentication</guilabel> Tab</title>
<para>Not yet documented.</para>
</sect2>
<sect2 id="peer-ssl-certificates">
<title>The <guilabel>Peer SSL Certificates</guilabel> Tab</title>
<para>The list box shows which site and personal certificates &kde; knows about. You can easily manage them from here.</para>
</sect2>
</sect1>
</article>