Synopses & Reviews
Let's get down to a practical implementation of SSL and TLS
SSL/TLS is a standardized, widely implemented, peer-reviewed protocol for applying cryptographic primitives to arbitrary networked communications. It provides privacy, integrity, and a measure of authenticity to otherwise inherently untrustworthy network connections.
While most books detail the protocol, this one is intended to provide you with a nearly complete SSL/TLS library, developed incrementally using C code. Whether or not you have a working knowledge of cryptography, you'll find this practical guide helps you understand the internals of these libraries so that, when it comes time to use one, you will have a firm understanding of what takes place at each stage.
- Understand secure sockets and the HTTP protocol
- Learn to protect against eavesdroppers with symmetric cryptography
- Secure key exchanges over an insecure medium with public key cryptography and boost security with elliptic curve cryptography
- Examine the use of digital signatures and X.509 certificates
- Develop a usable, secure communications protocol with client-side TLS
- Add server-side TLS 1.0 support
- Use SSL in advanced situations, including safely reusing key material with session resumption and verifying identity with client authentication
Go to www.wiley.com/go/implementingssl to find code and other features related to this book
Synopsis
In the style of Richard Stevens's TCP/IP Illustrated, Vol. 2 and Maurice Bach's The Design of the Unix Operating System, this book will present, along with explanatory text, a complete C-language implementation of SSLv2, TLS 1.0 and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, and certificate parsing and generation.
Topics covered:
- HTTP, HTTPS and HTTP proxy support (including how HTTP proxies interact with SSL)
- Symmetric cryptography, including DES, 3DES, AES and RC4, along with CBC, OFB, COUNTER and AEAD
- Public-key cryptography including RSA, Diffie-Hellman key exchange and Elliptic-curve cryptography
- Digital signature algorithms including RSA, DSA, ECDSA, SHA-1, MD5 and HMAC
- X.509 Certificates and ASN.1
- SSLv2, TLS 1.0 (client, server, and extensions), and TLS 1.2
Synopsis
Hands-on, practical guide to implementing SSL and TLS protocols for Internet security
If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more.
- Shows network professionals how to implement SSL and TLS using cryptography and PKI
- Provides specific techniques and strategies, even if you have no prior knowledge of cryptography
- Covers HTTP, HTTPS, and HTTP proxy support (including how HTTP proxies interact with SSL); symmetric cryptography, including DES, 3DES, AES and RC4, along with CBC, OFB, COUNTER and AEAD
- Delves into public-key cryptography including RSA, Diffie-Hellman key exchange, and Elliptic-curve cryptography
- Takes you through digital signature algorithms including RSA, DSA, ECDSA, SHA-1, MD5, and HMAC
- Includes additional topics, such as X.509 certificates, ASN.1, and more
Set up and launch a working implementation of SSL with this practical guide.
Synopsis
Coverage includes:
- Understanding Internet Security
- Protecting against Eavesdroppers with Symmetric Cryptography
- Secure Key Exchange over an Insecure Medium with Public Key Cryptography
- Authenticating Communications Using Digital Signatures
- Creating a Network of Trust Using X.509 Certificates
- A Usable, Secure Communications Protocol: Client-Side TLS
- Adding Server-Side TLS 1.0 Support
- Advanced SSL Topics
- Adding TLS 1.2 Support to Your TLS Library
- Other Applications of SSL
- A Binary Representation of Integers: A Primer
- Installing TCPDump and OpenSSL
- Understanding the Pitfalls of SSLv2
About the Author
Joshua Davies is a principal architect for Travelocity.com, responsible for the architecture of the main Web site with a focus on networking and security. Previously, he designed distributed systems for AT&T, Digex, and the Mexican telecommunications giant Pegaso.
Table of Contents
Introduction
Chapter 1 Understanding Internet Security
Chapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography
Chapter 3 Secure Key Exchange over an Insecure Medium with Public Key Cryptography
Chapter 4 Authenticating Communications Using Digital Signatures
Chapter 5 Creating a Network of Trust Using X.509 Certificates
Chapter 6 A Usable, Secure Communications Protocol: Client-Side TLS
Chapter 7 Adding Server-Side TLS 1.0 Support
Chapter 8 Advanced SSL Topics
Chapter 9 Adding TLS 1.2 Support to Your TLS Library
Chapter 10 Other Applications of SSL
Appendix A Binary Representation of Integers: A Primer
Appendix B Installing TCPDump and OpenSSL
Appendix C Understanding the Pitfalls of SSLv2
Index