Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.

The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.

Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges.

As a system or network administrator, you will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up your own certification authority. As a developer, you will further benefit from the in-depth discussions and examples of how to use OpenSSL in your own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included.

OpenSSL may well answer your need to protect sensitive data. If that's the case, Network Security with OpenSSL is the only guide available on the subject.

Contents

Preface

1. Introduction
     Cryptography for the Rest of Us
     Overview of SSL
     Problems with SSL
     What SSL Doesn't Do Well
     OpenSSL Basics
     Securing Third-Party Software

2. Command-Line Interface
     The Basics
     Message Digest Algorithms
     Symmetric Ciphers
     Public Key Cryptography
     S/MIME
     Passwords and Passphrases
     Seeding the Pseudorandom Number Generator

3. Public Key Infrastructure (PKI)
     Certificates
     Obtaining a Certificate
     Setting Up a Certification Authority

4. Support Infrastructure
     Multithread Support
     Internal Error Handling
     Abstract Input/Output
     Random Number Generation
     Arbitrary Precision Math
     Using Engines

5. SSL/TLS Programming
     Programming with SSL
     Advanced Programming with SSL

6. Symmetric Cryptography
     Concepts in Symmetric Cryptography
     Encrypting with the EVP API
     General Recommendations

7. Hashes and MACs
     Overview of Hashes and MACs
     Hashing with the EVP API
     Using MACs
     Secure HTTP Cookies

8. Public Key Algorithms
     When to Use Public Key Cryptography
     Diffie-Hellman
     Digital Signature Algorithm (DSA)
     RSA
     The EVP Public Key Interface
     Encoding and Decoding Objects

9. OpenSSL in Other Languages
     Net::SSLeay for Perl
     M2Crypto for Python
     OpenSSL Support in PHP

10. Advanced Programming Topics
     Object Stacks
     Configuration Files
     X.509
     PKCS#7 and S/MIME
     PKCS#12

Appendix: Command-Line Reference

Index