DescriptionHands-on, practical guide to implementing SSL and TLS protocols for Internet security
If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more.
- Understanding Internet Security
- Protecting against Eavesdroppers with Symmetric Cryptography
- Secure Key Exchange over an Insecure Medium with Public Key Cryptography
- Authenticating Communications Using Digital Signatures
- Creating a Network of Trust Using X.509 Certificates
- A Usable, Secure Communications Protocol: Client-Side TLS
- Adding Server-Side TLS 1.0 Support
- Advanced SSL Topics
- Adding TLS 1.2 Support to Your TLS Library
- Other Applications of SSL
- A Binary Representation of Integers: A Primer
- Installing TCPDump and OpenSSL
- Understanding the Pitfalls of SSLv2
Set up and launch a working implementation of SSL with this practical guide.
Chapter 1 Understanding Internet Security 1
Chapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography 29
Chapter 3 Secure Key Exchange over an Insecure Medium with Public Key Cryptography 91
Chapter 4 Authenticating Communications Using Digital Signatures 157
Chapter 5 Creating a Network of Trust Using X.509 Certifi cates 221
Chapter 6 A Usable, Secure Communications Protocol: Client-Side TLS 297
Chapter 7 Adding Server-Side TLS 1.0 Support 381
Chapter 8 Advanced SSL Topics 415
Chapter 9 Adding TLS 1.2 Support to Your TLS Library 479
Chapter 10 Other Applications of SSL 543
Appendix A Binary Representation of Integers: A Primer 567
Appendix B Installing TCPDump and OpenSSL 573
Appendix C Understanding the Pitfalls of SSLv2 579
|29||Error in Text|
should be the letters G, E, and T followed by a space.
This is referring to a specific character sequence.
|71||Error in Text|
Third paragraph, second sentence:
If you multiply this with any other (four-column) matrix
If you multiply this with any other (four row) matrix
ALSO The lowest matrix, on the left-hand, should show a ^-1 inversion notation
|90||Error in Text|
Last paragraph, last sentence should read:
CTR mode didn't make it into TLS...
|100||Error in Text|
Second paragraph, second sentence, should read: That is, look for extraneous chars...
|101||Error in Text|
At the bottom, should read:
49200 + 6150 + 738 = 56088
|129||Error in Text|
the Procedure for generating RSA keypairs sidebar states:
3. Compute the totient function (p-1)(1-1)
This should read:
3. Compute the totient function (p-1)(q-1)
|130||Error in Text|
Reads: its slow runtime limits is practical uses .
Should read: its slow runtime limits its practical uses .
|133||Error in Text|
Reads: sqrt(x^3-ax) has no solutions between 0 and 1 because x^3 - ax < 0 .
Should read: sqrt(x^3-x) has no solutions between 0 and 1 because x^3 - x < 0 .
|155||Error in Text|
OpenSSL 1.0, although it includes elliptic-curve operations, doesn't support TLS 1.2, and therefore doesn't support online ECC .
Actually, as of February 8, 2011, while openssl 0.9.8r does not support elliptic-curve ciphersuites, openssl 1.0.0 does.
|160||Error in Text|
Obviously, with such a 4:1 ratio of input blocks to output blocks, there will be at least a one in four chance of a collision.
Actually, over the entire input space, the chance of a collision is actually significantly smaller than 1 in 4.