> > There's a lot of different things you could mean by
> >"kernel-socket-network-connection". Can you clarify?
> >
> > If you're talking about using SSL to secure network
> >connections that take
> >place purely in kernel space, yes, you can do this. It's fairly tedious
> >because you still want to do the asymmetric cipher in user space.
> >
> > DS
> oh thats bad, because the complete network connection must be realized
> by the kernel. the user should have to do nothing with it.
> is there another way to realize it without using the user space ?
You really should get a security expert who is familiar with your
requirements to comment in more detail. You didn't mention what operating
system you're talking about, but the situation on Windows is totally
different from the situation on UNIXes.
If you really want all the crypto in the kernel, you probably should be
looking at platform-specific solutions.
Linux, for example, has cryptoapi. http://www.kerneli.org/index.phtml
Windows has SSPI.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/se
curity/sspi_model.asp
Not knowing what your requirements are, and somewhat baffled by why anyone
would want to put something that so obviously belongs in user space into the
kernel, it's hard for me to know what to advise you.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
