1 files changed, 84 insertions, 0 deletions
diff --git a/src/lib/libssl/src/doc/ssl-ciph.doc b/src/lib/libssl/src/doc/ssl-ciph.doc
new file mode 100644
index 0000000000..33a7e41f0e
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl-ciph.doc
@@ -0,0 +1,84 @@
+This is a quick high level summery of how things work now.
+Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
+minor ones.
+They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
+be Diffle-Hellman for SSLv3.
+An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
+none.
+The cipher
+The MAC digest.
+A cipher can also be an export cipher and is either an SSLv2 or a
+SSLv3 ciphers.
+To specify which ciphers to use, one can either specify all the ciphers,
+one at a time, or use 'aliases' to specify the preference and order for
+the ciphers.
+There are a large number of aliases, but the most importaint are
+kRSA, kDHr, kDHd and kEDH for key exchange types.
+aRSA, aDSS, aNULL and aDH for authentication
+DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
+MD5, SHA0 and SHA1 digests
+Now where this becomes interesting is that these can be put together to
+specify the order and ciphers you wish to use.
+To speed this up there are also aliases for certian groups of ciphers.
+The main ones are
+SSLv2   - all SSLv2 ciphers
+SSLv3   - all SSLv3 ciphers
+EXP     - all export ciphers
+LOW     - all low strngth ciphers (no export ciphers, normally single DES)
+MEDIUM  - 128 bit encryption
+HIGH    - Triple DES
+These aliases can be joined in a : separated list which specifies to
+add ciphers, move them to the current location and delete them.
+A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
+The default library cipher spec is
+!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
+which means, first, remove from consideration any ciphers that do not
+authenticate.  Next up, use ciphers using RC4 and RSA.  Next include the HIGH,
+MEDIUM and the LOW security ciphers.  Finish up by adding all the export
+ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
+the end of the list.
+The results are
+$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
+RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
+RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
+EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
+DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
+IDEA-CBC-MD5            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
+EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
+EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
+DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
+DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
+DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
+IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
+RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
+RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EXP-EDH-RSA-DES-CBC     SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
+EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+I would recoment people use the 'ssleay ciphers -v "text"'
+command to check what they are going to use.
+Anyway, I'm falling asleep here so I'll do some more tomorrow.
+eric

diff --git a/src/lib/libssl/src/doc/ssl-ciph.doc b/src/lib/libssl/src/doc/ssl-ciph.doc new file mode 100644 index 0000000000..33a7e41f0e --- /dev/null +++ b/src/lib/libssl/src/doc/ssl-ciph.doc
@@ -0,0 +1,84 @@
	1	This is a quick high level summery of how things work now.
	2
	3	Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
	4	minor ones.
	5
	6	They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
	7	be Diffle-Hellman for SSLv3.
	8
	9	An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
	10	none.
	11
	12	The cipher
	13
	14	The MAC digest.
	15
	16	A cipher can also be an export cipher and is either an SSLv2 or a
	17	SSLv3 ciphers.
	18
	19	To specify which ciphers to use, one can either specify all the ciphers,
	20	one at a time, or use 'aliases' to specify the preference and order for
	21	the ciphers.
	22
	23	There are a large number of aliases, but the most importaint are
	24	kRSA, kDHr, kDHd and kEDH for key exchange types.
	25
	26	aRSA, aDSS, aNULL and aDH for authentication
	27	DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
	28	MD5, SHA0 and SHA1 digests
	29
	30	Now where this becomes interesting is that these can be put together to
	31	specify the order and ciphers you wish to use.
	32
	33	To speed this up there are also aliases for certian groups of ciphers.
	34	The main ones are
	35	SSLv2 - all SSLv2 ciphers
	36	SSLv3 - all SSLv3 ciphers
	37	EXP - all export ciphers
	38	LOW - all low strngth ciphers (no export ciphers, normally single DES)
	39	MEDIUM - 128 bit encryption
	40	HIGH - Triple DES
	41
	42	These aliases can be joined in a : separated list which specifies to
	43	add ciphers, move them to the current location and delete them.
	44
	45	A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
	46	The default library cipher spec is
	47	!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
	48	which means, first, remove from consideration any ciphers that do not
	49	authenticate. Next up, use ciphers using RC4 and RSA. Next include the HIGH,
	50	MEDIUM and the LOW security ciphers. Finish up by adding all the export
	51	ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
	52	the end of the list.
	53
	54	The results are
	55	$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
	56
	57	RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
	58	RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
	59	EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
	60	EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
	61	DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
	62	IDEA-CBC-MD5 SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
	63	EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
	64	EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
	65	DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
	66	DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
	67	DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
	68	IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
	69	RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
	70	RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
	71	EXP-EDH-RSA-DES-CBC SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
	72	EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
	73	EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
	74	EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
	75	EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
	76	EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
	77	EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
	78
	79	I would recoment people use the 'ssleay ciphers -v "text"'
	80	command to check what they are going to use.
	81
	82	Anyway, I'm falling asleep here so I'll do some more tomorrow.
	83
	84	eric