[an error occurred while processing this directive]

1 Introduction

This document is a description of TTXSSL and it's previous version 'SSL Tera Term Pro' the freeware terminal emulator Tera Term Pro developed by Mr. T Teranishi, which implements SSL(Secure Sockets Layer).

We've also prepared a simple explanation of SSL and the free library for the purpose of implementing SSL, - SSLeay.

Further, prior to use be sure to read the 1.4 Notes Regarding Use.


1.1 What is SSL?

SSL(Secure Sockets Layer) is a protocol put forward by the American company Netscape. It protects data from theft or tampering by third parties through encrypting and certifying that data. Currently, it is implemented with Netscape's Navigator, and Microsoft's Internet Explorer. However, it is not only for the purpose of HTTP protocols, but can also be implemented with other protocols such as TELNET and FTP. The reason for this being that it is implemented between the transport layer (for example TCP etc.) and the application layer (for example http and telnet).

 

Now, a simple explanation as to how the SSL protocol protects data from 3rd parties.

 Firstly, by encrypting data it prevents 3rd parties from tapping into the information. This encryption is performed by a common key system (a system where a common key is used for encryption and decryption. Also called secret key encryption system, or symmetrical key encryption system).

In order for two communicating parties to jointly possess this common key, it must first be created on one side, and then sent to the other side. This common key is safely sent to the other party after being encrypted by a public key encryption system (a system where seperate keys are used for encryption and decryption. Also called asymmetrical encryption system).

 In other words, the public key encryption system is used only for safely sending the common key. The actual data to be transmitted is encrypted using the common key encryption system. The reason for adopting this method is that the public key encryption system is more time consuming for encryption and decryption operations compared to the common key encryption system. Presently, as described above, a combination of the common key encryption system and the public key encryption system is generally used.

 So, in this way data can be sent and received without 3rd parties tapping in. However, this does not always mean that the other party you are transmitting to is actually the party you want to transmit to. It's possible for a completely different person to falsify their identity, and pretend to be the party you wish to communicate with.

 With SSL, certification is conducted whereby ones identity can be guaranteed by a trustworthy 3rd party (to be exact, a signature is put on the information of your public key etc.) This trustworthy 3rd party is known as CA (Certification Authority).
In other words, the idea is that if the other party has information (public key etc) which has the signature of the well known CA, then you can trust the other party's identity.

 Further, using message certification you will be able to check whether data has been tampered with in between being sent and received.

 Currently, the latest version of the SSL protocol is version 3.0. The specifications are here.


1.2 What is SSLeay?

SSLeay is a free SSL library written from scratch and made available by an Australian, Eric A.Young, based on usable SSL protocols and other texts. It can be used on such platforms as UNIX and Windows etc.

 Overall, it has the feel of an expanded socket library, and thus by using this library with existing applications that use sockets, it's considered relatively easy to implement SSL. In actual fact, many applications do implement SSL by using this library. To see what type of applications there are, refer to SSLeay and SSLapps FAQ

 Regarding the library's detailed interface, see SSLeay Programmer Reference

 Also refer to SSLeay and SSLapps FAQ
or it's Japanese translation.

 However, the best referrence is perhaps the source of the samples attached to SSLeay, or the source of applications using SSLeay.
The latest version of SSLeay is version 0.9.0b, which can be obtained here. However, when using Windows, the library needs to be constructed using Microsoft Visual C++ compilers etc. For details please refer to the documents etc, attached to SSLeay.
Note that with the SSL Tera Term Pro archive, the SSLeay module required on implementation is included.


1.3 What is TTXSSL?

SSL Tera Term Pro is a freeware program, which takes the freeware terminal emulator Tera Term Pro developed by T. Teranishi, and adapts it to operate with the SSL protocol (Version 3.0).

 The source of Tera Term Pro has been made available, and based on that source, SSL was implemented using the free SSL library.

In addition to the original functions of Tera Term Pro, SSL Tera Term Pro also has the following:

EPacket encryption using the SSL protocol
ECertification function using the SSL protocol (from version 0.2a1)
Version 0.1a1 was SSL enabled after directly rewriting the original source code.
Versions 0.1a2 and later are SSL enabled using the Tera Term add-on module interface Tera Term Extension Interface(TTX).

 The binary or source for the original Tera Term Pro can be obtained here


1.4 Notes Regarding Use

TTXSSL is freeware. SSL was implemented by Infoscience Corporation Pty Ltd. Infoscience Pty Ltd does not accept responsibility for any damage that may occur from using this program. Further, Infoscience Pty Ltd does not accept responsibility for any damage that may occur from the acquisition or use of this distributed package.

(Caution) Although the SSLeay library is included in the distributed package, when obtaining and using SSLeay there is a possibility of experiencing problems with patents or export regulations. In order to avoid any such problems it may be neccessary to read the SSLeay documentation, and to check your country's patent and export regulations etc.


Please address questions or enquiries relating to the information on this page to
ssleay@infoscience.co.jp