3 How to Use TTXSSL.


3.1 Operation

TTXSSL is used in the same way as Tera Term Pro, so please refer to the documents or the help file supplied with Tera Term Pro. It differs from the original Tera Term Pro only in the following points:

 If the telnetd (telnet server) you are connecting to (see Note 1 below) is SSL enabled, run TTXSSL as an SSL enabled telnet client.
 When running as an SSL enabled telnet client, the title bar displays a line like

    TeraTerm - foo.hoge.co.jp VT - SSL connection using RC4-SHA

 indicating that SSL is currently in use.

 If the telnet server you are connecting to is not SSL enabled, run TTXSSL as a usual telnet client.

For version 0.2a1 and later, the directory in which Tera Term Pro was installed contains a file called ttxssl.ini, and TTXSSL is configured by editing this file.

If you select the [Help] - [about Ssl] menu, a WWW browser will start and display documents regarding the SSL implementation. Note: the documents are located on Infoscience Corporation's WWW server, so to display them you need to be using a computer that can connect to the internet.

 (Note 1) There is an SSL enabled telnetd whose SSL support was implemented by Tim Hudson. It is called SSLtelnet, and the source, which includes an SSL enabled telnet client, is available here. For details, please see the SSLtelnet documents.

 



 

3.2 How to Configure.

TTXSSL is configured by editing the file ttxssl.ini, which is in the directory where Tera Term Pro was installed.
Each section and key is explained below.

 SSL Section

This section holds the SSL configuration. Currently there are no other sections apart from this one.

NOSSL Key
Set this to 'yes' when not using SSL. The default is 'no'.

Version Key
Selects the SSL protocol version. The default is 2.

Cert Key
Specifies the path of the client's certificate.

Key Key
Specifies the path of the client's private key.

CApath Key
Specifies the path of the directory containing the CA's certificate.

CAfile Key
Specifies the path of the CA's certificate.

Verify Key
Set this to 0 when not performing server verification.
When performing server verification, set it to the maximum depth of server verification. The default is 0.
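
The following Python script is an added example, not part of the TTXSSL distribution. It checks a ttxssl.ini against the keys described above and reports settings that leave the session without SSL or the server unverified. It assumes the file uses standard INI syntax with an [SSL] section header and that the Version key accepts 3 (matching the /SSL3 option); the sample files are constructed.

```python
import configparser

# Constructed sample: the defaults the page documents (Version 2, Verify 0).
# Assumption: standard INI syntax with an [SSL] section header.
SAMPLE_DEFAULTS = "[SSL]\nNOSSL=no\nVersion=2\nVerify=0\n"

# Constructed sample: Version=3 (assumed valid), verification on, CA supplied.
SAMPLE_VERIFIED = "[SSL]\nNOSSL=no\nVersion=3\nCAfile=demo_ca.pem\nVerify=2\n"


def audit_ttxssl_ini(text):
    """Return a list of findings for the [SSL] section of a ttxssl.ini."""
    # ConfigParser lower-cases key names, so lookups are case-insensitive.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    ssl = cp["SSL"] if cp.has_section("SSL") else {}
    findings = []

    # Missing keys fall back to the defaults stated on the page.
    if ssl.get("nossl", "no").strip().lower() == "yes":
        findings.append("NOSSL=yes: SSL is not used for the session")
        return findings  # remaining keys are irrelevant without SSL

    # SSL 2.0 is prohibited by RFC 6176; Version=2 is also the default.
    if ssl.get("version", "2").strip() == "2":
        findings.append("Version=2: SSL protocol version 2 is selected")

    try:
        depth = int(ssl.get("verify", "0"))
    except ValueError:
        findings.append("Verify: value is not a number")
        return findings
    if depth == 0:
        findings.append("Verify=0: the server is not verified")
    elif not (ssl.get("cafile") or ssl.get("capath")):
        findings.append("Verify>0: no CAfile or CApath to verify against")
    return findings


if __name__ == "__main__":
    for name, text in (("defaults", SAMPLE_DEFAULTS), ("verified", SAMPLE_VERIFIED)):
        print(name, audit_ttxssl_ini(text) or "no findings")
```
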

3.3 Command Line

Some of the items that can be set in the above configuration file can also be set from the command line.

/NOSSL Option
Don't use SSL.

/SSL2 Option
Use SSL protocol version 2.

/SSL3 Option
Use SSL protocol version 3.

/cert Option
After the "=" sign, specify the path of the client's certificate.

/key Option
After the "=" sign, specify the path of the client's private key.

/CAfile Option
After the "=" sign, specify the path of the CA's certificate to be used.

/CApath Option
After the "=" sign, specify the path of the directory containing the CA's certificate to be used.

3.4 telnetd Configuration

In testing the operation of this software, Tim Hudson's SSLtelnet on Linux was used as telnetd.

For purposes of this explanation, telnetd's private key is "demo_sv.key", telnetd's certificate is "demo_sv.pem", and the CA's certificate is "demo_ca.pem". Also, we will assume that SSLeay is installed in /usr/local/ssl, that the SSLtelnetd command is /usr/local/ssl/bin/telnetd, and that the certificates were created using the ssleay command.

 1. Configuration of the CA's certificate

First, move the CA's certificate "demo_ca.pem" to "/usr/local/ssl/certs". Then, using the following commands, hash the "demo_ca.pem" file.

    cd /usr/local/ssl/certs
    ln -s demo_ca.pem `ssleay x509 -noout -hash < demo_ca.pem`.0

 2. inetd.conf Configuration

Move "demo_sv.pem" and "demo_sv.key" to /usr/local/ssl/certs and /usr/local/ssl/private respectively.
Then edit /etc/inetd.conf so that the following command is run from inetd.

    /usr/local/ssl/bin/telnetd -z secure -z certrequired
      -z key=/usr/local/ssl/private/demo_sv.key -z cert=/usr/local/ssl/certs/demo_sv.pem

(In reality this is one line.)

 3. Restarting inetd

Send a HUP signal to inetd to restart it.

The explanation of SSLtelnet configuration given here is strictly only one example.
For further detail, refer to the SSLtelnet documentation.

Please address questions or enquiries relating to the information on this page to:
ssleay@infoscience.co.jp