diff options
Diffstat (limited to 'docs/README.ssl')
-rw-r--r-- | docs/README.ssl | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/docs/README.ssl b/docs/README.ssl new file mode 100644 index 00000000..c9d1c79e --- /dev/null +++ b/docs/README.ssl @@ -0,0 +1,69 @@ +SSL support for Lynx 2.8.5pre.1 +-- adapted from http://www.mentovai.com/lynx/ + +Lynx, in its unmodified form, will not allow you to make secure socket layer +(SSL) connections. SSL is used for the secure transfer of information over the +Internet. Many sites are now requiring SSL to ensure security for themselves +and their users. With a version of Lynx modified to support SSL, Lynx users +can now visit these sites with ease as well. + +The SSL configure option (--with-ssl) for Lynx provides the ability to make use +of SSL over HTTP for secure access to web sites (HTTPS) and over NNTP for +secure access to news servers (SNEWS). SSL is handled transparently, allowing +users to continue accessing web sites and news services from within Lynx +through the same interface for both secure and standard transfers. + +This is based on, and requires, the OpenSSL library. OpenSSL's distribution +and use may be restricted by licenses and laws. For information on obtaining +OpenSSL, as well as information on its distribution, see + + http://www.openssl.org/ + +The main distribution site is at + + ftp://ftp.openssl.org/source/ + +Lynx also has experimental support for GnuTLS (configure option --with-gnutls). +For information on GnuTLS, see + + http://www.gnu.org/software/gnutls/ + +To test your version of Lynx for SSL support, try it out with an SSL site. +Below are secure (https) pages which will load if your browser contains SSL +support and you accept their certificates; they give you some information about +the connection. + + https://www.gnutls.org:5555/ + https://www2.ggn.net/cgi-bin/ssl + +Lynx will complain about the certificate, since the certificate presented is +untrusted. You may accept this certificate to test your configuration, since +it is a test, but it is a bad idea to blindly accept certificates from unknown +websites if you are transmitting form data or files. + +You should review the document README.sslcerts for a detailed discussion of +correct certificate handling possibilities and procedures in lynx. + +Users are reminded to check the laws and regulations about encryption software +in their own countries. + +Here is the URL for US notification rules: + + http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html + +Note that that isn't a typo; it really is "Nofify". The site contains +links to the full EAR regulations. + +Lynx is GPL'd, for our own use it falls under the regulations in EAR section +740.13(e)(1): + + (1) Encryption source code controlled under 5D002, which would be + considered publicly available under section 734.3(b)(3) and + which is not subject an express agreement for the payment a + licensing fee or royalty for commercial production or sale of + any product developed with the source code, is released from + EI controls and may be exported or reexported without review + under License Exception TSU, provided you have submitted + written notification to BXA of the Internet location (e.g., + URL or Internet address) or a copy of source code by the time + of export. |