Network Security with OpenSSL: Cryptography for Secure Communications
B**Y
An essential introduction and reference for OpenSSL programming
Let's get this out of the way: if you're starting a new project and you need an SSL library, then OpenSSL is *not* the library you are looking for. The library documentation, and the API, are so confusing as to make one's eyes bleed. Confusing and often-undocumented default settings for an armada of parameters, and entirely missing documentation for certain important features, make it too easy to achieve "security" with massive holes, and make it too difficult to implement security according to accepted best practices. Speaking as someone who has used OpenSSL - you have better choices. That said, if you *must* use OpenSSL for some reason or other, then this book is the missing user manual that the library so desperately needs. It does a good job explaining the library APIs, both libssl and libcrypto, and additionally provides worked examples of common implementation tasks. It explains things well enough that, once you've read through it and rewritten the examples on your own, the library begins to make some sort of *sense* - if such a thing is really possible - and, if you combine this book with the library docs (which will now be less confusing) and the source for the OpenSSL command-line tools (which will now even be *legible*!), you now stand a chance of successfully building something useful. There is an important caveat: this book was written for a much earlier version of OpenSSL, and thus certain important features are referred to by the book as "not yet available" or are simply not mentioned. That said, this will be less of an obstacle once you reach the point when the library begins to make its own strange sort of sense. If your project requires OpenSSL, and there's really no way around it, then get this book. It will save you *months* of fruitlessly spinning your wheels, and it will get you on track.
A**K
Very useful book
Without people realizing it, the majority of SSL-enabled websites worldwide are using the OpenSSL library (through the Apache web server). Only large companies like Microsoft can afford to develop their own proprietary implementation of SSL. The SSL library is a C library, easily compiled as C++, and ported to PHP, PERL and JAVA etc. It can be, and has been, compiled under Windows, Mac and Linux. OpenSSL is even shipped with Mac and Linux. The OpenSSL package basically consists of two parts: (i) the SSL part and (ii) the cryptographic library. Given the large cross-platform functionality it should not come as a surprise that the source code documentation is not always up to date. This book is a welcome guide to OpenSSL. I guess that the vast majority of programmers developing secure programs use OpenSSL, either directly or indirectly. Without the book one has to continuously search on the Internet for code examples. In this book all aspects of OpenSSL programming are illustrated with real life C examples. I have downloaded the source code of quite a number and I found them extremely helpful. The OpenSSL package also has a number of utilities that can be run from the command line. This book describes them and gives some real examples. I have tried them all successfully. The book describes SSL/TLS programming, symmetric encryption (low-level and intermediate level), Hashes/MACS, and Public Key cryptography. I think reading this book, together with Cryptography Engineering: Design Principles and Practical Applications, will end your status as a cryptography amateur.
A**R
Good value, helped me with one-time C++ SSL project
I got this book for a one-time SSL project. It was a quick read and helped me in a few areas. I wished I had bought it before I started, as I had already figured out many of the macros. Also pay attention to the date; technology quickly becomes outdated. Good value for what I needed.
S**D
Help in a maze of bugs and ignorance
This book is almost essential to use openssl successfully. Openssl is so full of problems and poor UI design, poor documentation and quirky issues that you need this book just to get by. Many, I am sure, are profiting more by the bugs on openssl than they are profiting by fixing them. So thanks to John Viega for helping to sort this thing out somewhat for the rest of the world. After working with openssl for months I have come to the conclusion that security is designed to be vague and insecure. Governments want a monopoly on true security and outlawing it didn't work so they settled for muddying up the specs so nobody can interoperate in a truly secure fashion. Such is the reality of our times.
M**E
good for programmers
Contents: intro, openssl command line, PKI, then programming: support infrastructure, ssl, symmetric keys, hashes, public keys, and openSSL for Perl, Python, and PHP. As others have noted, this is a great book for programming. It's not as detailed if you are looking to set up your own PKI. Basically it is about 30 pages of the openssl command (using symmetric keys, generating private keys, making certificates, signing them) and ~270 pages or so of programming.
J**H
Excellent book on OpenSSL
As a software developer writing both client and server based SSL code, this book helped a lot. There are a lot of details that are missing from the OpenSSL documentation that are covered in this book. I am hoping that the author will publish a new version to cover the 1.0 release. Very easy read for an experienced C/C++ developer with a number of code examples. I give this book an 8+ and it is a permanent part of my coding library.
A**)
If it weren't for this book, I don't know where I would be...
Everything I needed to know to write code supporting certificates, multi-threading and error reporting was explained in the first five chapters. Without this book to tie together disparate facts, I probably would still be scrounging through Google hits, forums and the OpenSSL source code. At least a week of research and experimentation (non-billable hours) were saved. Highly recommended.
S**Y
Not all info is up to date, but still good nuggets of info
If you've worked with openssl before, you'll know the APIs are a pig to use. Mainly because the functions have such short names, the documentation is pretty bare and there's a lack of examples. It's easy to get things wrong. Some APIs mentioned in the book are deprecated, but in general most of the background info is still sound. If you need to use openssl then it's definitely worth a read. I spent a day trying to work out how to DER encode an RSA key, and within minutes of owning this book I found a one-liner example with the code to do it. The info around the openssl error queue mechanism is especially useful.
N**S
too much out of date
I bought this book with 2 objectives in mind:
- first and foremost, I was looking for a reference of API documentation for the C library (online documentation is absolutely terrible) with appropriate details, use cases and examples.
- secondarily, I expected the book to provide explanations of best practices, caveats and zone of dangers for using the openssl library.
Unfortunately the book is so outdated that it is useless when it comes to the C library (I've looked mostly at the PKI chapter, RSA and ECDSA which is not covered). On top of that, it does not provide working examples for a lot of the API. On the second point, the out of date issue is less prominent as cryptography principles are the same as ~10 years ago (the book's copyright note dates from 2002). I am worried some sections are still missing but my limited knowledge prevents me from putting a finger on that issue. The book is well written and well organized though. I can't recommend the book as it does not help in fulfilling my main goal. Hence the reflection in the rating.
A**R
Good book on openssl
This is a very good book on openssl; there is lots of hidden stuff in the software and this book details some of it.
P**E
Obsolete, but
... you can read up on basic topics such as the role of certificate issuers, and it tells you how to install your own server. Although some APIs are already obsolete, I have not found another, newer book....
D**E
Good, but no longer up to date
As an introduction the book is OK. Unfortunately the book was never updated and reflects the state of the software based on OpenSSL 0.9.6c in 2002. At least this part is of very good O'Reilly quality. For current application development, however, that is too little today.