2 <!DOCTYPE article PUBLIC
"-//KDE//DTD DocBook XML V4.2-Based Variant V1.1//EN"
4 <!ENTITY % addindex
"IGNORE">
5 <!ENTITY % English
"INCLUDE" > <!-- change language only here -->
8 <article lang=
"&language;">
12 <author>&Mike.McBride; &Mike.McBride.mail;
</author>
13 <!-- TRANS:ROLES_OF_TRANSLATORS -->
16 <date>2002-
10-
17</date>
17 <releaseinfo>3.1</releaseinfo>
20 <keyword>KDE
</keyword>
21 <keyword>KControl
</keyword>
22 <keyword>crypto
</keyword>
23 <keyword>SSL
</keyword>
24 <keyword>encryption
</keyword>
31 <title>Encryption Configuration
</title>
33 <sect2 id=
"crypto-intro">
34 <title>Introduction
</title>
35 <para>Many applications within
&kde; are capable of exchanging information using
36 encrypted files and/or network transmissions.
</para>
39 <sect2 id=
"crypto-use">
42 <warning><para>All encryption schemes are only as strong as their
43 weakest link. In general, unless you have some previous
44 training/knowledge, it is better to leave this module
45 unchanged.
</para></warning>
47 <para>The options within this module can be divided into two
50 <para>Two options along the bottom of the module,
<guilabel>Warn on
51 entering SSL Mode
</guilabel> and
<guilabel>Warn on leaving SSL
52 mode
</guilabel>, allow you to determine if
&kde; should inform you when
53 you enter or leave SSL encryption.
</para>
55 <para>The remainder of the options are about determining which
56 encryption methods to use, and which should not be used. Once you have
57 selected the appropriate encryption protocols, simply click
58 <guibutton>Apply
</guibutton> to commit your changes.
</para>
60 <tip><para>Only make changes to this module if specific information
61 about the strength or weakness of a particular encryption method is
62 given to you from
<emphasis>a reliable source
</emphasis>.
</para></tip>
66 <!-- Ugh.. write a bunch of stuff about the rest of it -->
68 <title>The
<guilabel>SSL
</guilabel> Tab
</title>
70 <para>The first option is
<guilabel>Enable TLS support if supported by
71 the server
</guilabel>.
<acronym>TLS
</acronym> is Transport Layer
72 Security, and is the newest version of
<acronym>SSL
</acronym>. It
73 integrates better than
<acronym>SSL
</acronym> with other protocols,
74 and it has replaced
<acronym>SSL
</acronym> in protocols such as POP3
75 and
<acronym>SMTP
</acronym>.
</para>
77 <para>Then next options are
<guilabel>Enable SSL v2
</guilabel> and
78 <guilabel>Enable SSL v3
</guilabel>. These are the second and third
79 revision of the
<acronym>SSL
</acronym> protocol, and it is normal to
82 <para>There are several different
<firstterm>Ciphers
</firstterm>
83 available, and you can enable these separately in the lists labeled
84 <guilabel>SSL v2 Ciphers to Use
</guilabel> and
<guilabel>SSL v3
85 Ciphers to Use
</guilabel>. The actual protocol to use is negotiated
86 by the application and the server when the connection is
89 <para>There are several
<guilabel>Cipher Wizards
</guilabel> to help
90 you choose a set that is suitable for your use.
</para>
94 <term><guibutton>Most Compatible
</guibutton></term>
96 <para>Select the settings found to be most compatible with the most
101 <term><guibutton>US Ciphers Only
</guibutton></term>
103 <para>Select only the US
<quote>strong
</quote> (
128 bit or greater)
108 <term><guibutton>Export Ciphers Only
</guibutton></term>
110 <para>Select only the weak (
56 bit or less) ciphers.
</para>
114 <term><guibutton>Enable All
</guibutton></term>
116 <para>Select all ciphers and methods.
</para>
121 <para>Finally, there are some general
<acronym>SSL
</acronym> settings.
</para>
125 <term><guilabel>Use EGD
</guilabel></term>
127 <para>If selected,
<application>OpenSSL
</application> will be asked to
128 use the entropy gathering daemon (
<acronym>EGD
</acronym>) for
129 initializing the pseudo-random number generator.
</para>
134 <term><guilabel>Use entropy file
</guilabel></term>
136 <para>If selected,
<application>OpenSSL
</application> will be asked to
137 use the given file as entropy for initializing the pseudo-random number
143 <term><guilabel>Warn on entering SSL mode
</guilabel></term>
145 <para>If selected, you will be notified when entering an
146 <acronym>SSL
</acronym> enabled site.
</para>
151 <term><guilabel>Warn on leaving SSL mode
</guilabel></term>
153 <para>If selected, you will be notified when leaving an
154 <acronym>SSL
</acronym> based site.
</para>
159 <term><guilabel>Warn on sending unencrypted data
</guilabel></term>
161 <para>If selected, you will be notified before sending unencrypted
162 data via a web browser.
</para>
169 <title>The
<guilabel>OpenSSL
</guilabel> Tab
</title>
171 <para>Here you can test if your
<application>OpenSSL
</application>
172 libraries have been detected correctly by
&kde;, with the
173 <guibutton>Test
</guibutton> button.
</para>
175 <para>If the test is unsuccessful, you can specify a path to the
176 libraries in the field labelled
<guilabel>Path to OpenSSL Shared
177 Libraries
</guilabel>.
</para>
181 <sect2 id=
"your-certificates">
182 <title>The
<guilabel>Your Certificates
</guilabel> Tab
</title>
184 <para>The list shows which certificates of yours
&kde; knows about.
185 You can easily manage them from here.
</para>
189 <sect2 id=
"authentication">
190 <title>The
<guilabel>Authentication
</guilabel> Tab
</title>
192 <para>Not yet documented
<!-- No "what's this" to get any info from --></para>
195 <sect2 id=
"peer-ssl-certificates">
196 <title>The
<guilabel>Peer SSL Certificates
</guilabel> Tab
</title>
198 <para>The list box shows which site and personal certificates
&kde;
199 knows about. You can easily manage them from here.
</para>