Sambar Server Documentation
|
SSL Technical Overview
|
Overview This document is provided as a technical overview of the SSL implementation used in the Sambar Server. It was developed for the US Department of Commerce, Export Control Division to gain US export approval. This document applies to all releases and platforms on which the Sambar Server runs. The Sambar Server SSL support has been released for both the freeware and Pro versions of the Sambar Server. SSL stands for Secure Socket Layer, a protocol developed by Netscape for secure transactions across the Web. SSL uses a form of public key encryption, where the information can be encoded by the browser using a publicly available public key, but can only be decoded by someone who knows the corresponding private key. The most common ciphers used with SSL are RC2 and RC4. These ciphers use 128-bit keys, which offers a high degree of security. An "export" version of these ciphers is also available; the export versions use 40-bit keys, but are otherwise idential to their equivalent 128-bit versions. Inside the USA a license from RSA is required to use these ciphers. The Sambar Server is designed to integrate either the publically available SSLeay package from OpenSSL and/or RSA SSL-C. Neither of these packages are shipped with the Sambar Server, they must be purchased or downloaded from their respective suppliers and placed in the bin directory. United States users are required to use the RSA SSL-C package until the RSA patent expires on September 20, 2000. Note: The current version of the Sambar Server has been tested with the SSLeay DLLs v0.9.0 (10-Apr-1998) and the OpenSSL v0.9.5a DLLs. The SSLeay libraries are the predecessor to OpenSSL; these packages should be compatible. Further, the RSA SSL-C package is also purported to be compatible with SSLeay; regretably four phone calls to the company and three e-mails have gone unanswered with regards to obtaining this package for compatibility testing.
Configuration
Details
Upon accepting a connection on the HTTPS port, the function SSL_get_current_cipher() is called to determine what cipher is being used to connect to the server. Regardless of how the SSL package has been configured, only the following ciphers are accepted by the Sambar Server (all other connections are issued a rejection message):
Note: My original application only requested 40-bit export approval. The list above includes the 128-bit ciphers. My understanding of the new government regulations is that 128-bit ciphers are acceptable at this time (12/27/2000).
|
© 2000 Sambar Technologies.
All Rights reserved. Terms of use.