

You can operate SSLtelnet in three different modes.

1. "telnetd -z ssl" and "telnet yourhost -z ssl"

telnetd only accepts connections from telnet's with option "-z ssl".
telnet first opens a SSL connection to telnetd. Then it negotiates the
telnet options like terminal setting etc. If you use a normal telnet
and connect to telnetd, you get a connection but don't get any prompt
or message. You just see nothing. This is the mode how netscape
connects to an SSL enhanced httpd. So it's possible to do

	telnet -z ssl www.netscape.com 443

2. "telnetd" and "telnet yourhost"

telnetd accepts connections from any telnet (with and without
SSL). telnetd tries to negotiate if telnet speaks SSL. If you connect
with SSLtelnet both sides switch to SSL. After this switch the whole
communication is encrypted.

3. "telnetd -z secure" and "telnet yourhost"

Same as 2. but telnetd only accepts logins from SSLtelnet. All
connections are encrypted. If you connect with normal telnet, you get
the message:

	telnetd: [SSL required - connection rejected].

The options -z verify=<int>, -z cert=<cert> and -z key=<key> are the
same as documented in the SSLeay package in ssl/readme.

-z verify=arg	: Turn on authentication of the server certificate.
		: Arg specifies the 'depth', this will covered below.
-z cert=arg	: The optional certificate to use.  This certificate
		: will be returned to the server if the server
		: requests it for client authentication.
-z key=arg	: The private key that matches the certificate
		: specified by the -cert option.  If this is not
		: specified (but -cert is), the -cert file will be
		: searched for the Private key.  Both files are
		: assumed to be in PEM format.

With -z cipher=<cipher> you can select you prefered cipher.
