A UCSPI-TLS enhanced server makes optional SSL services available to
       the client by providing three file descriptors: a control socket, a
       reading pipe, and a writing pipe.

       The file descriptor number of the control socket will be in the
       environment variable $SSLCTLFD.

       The file descriptor number of the reading pipe will be in the
       environment variable $SSLREADFD, and the file descriptor number of the
       writing pipe will be in the environment variable $SSLWRITEFD.

       It's possible for all three of these file descriptors to be the same.


       UCSPI-TLS provides standard IN and OUT (file descriptors 0 and 1) to
       connected directly to the socket, for unencrypted communication.

       The control socket must accept at least these two commands:

       y      Start TLS.

       Y      Start TLS, and send optional SSL connection information back
              over the control socket.

       The SSL connection information will be in the in the form of an
       environment string, with zero or more environment variables, terminated
       by two ASCII NULL's.  Each environment variable is stored as "VAR=val
       ", and an additional trailing   is used to indicate the end of all
       environment variables.  If there are no variables to set, "  " should
       be used.

       When TLS is started, the UCSPI-TLS enabled server will take control of
       the socket, and the application is expected to switch to the file
       descriptors in $SSLREADFD and $SSLWRITEFD for all future
       communications.  Using the regular socket after activating TLS will
       probably just confuse the client.


       Where possible, the environment variables set should be the same ones
       as Apache's mod_ssl:


       Scott Gifford, Charlie Brady

Man(1) output converted with man2html