You are previewing Implementing SSL/TLS Using Cryptography and PKI.
O'Reilly logo
Implementing SSL/TLS Using Cryptography and PKI

Book Description

Hands-on, practical guide to implementing SSL and TLS protocols for Internet security

If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more.

Coverage includes:

  • Understanding Internet Security

  • Protecting against Eavesdroppers with Symmetric Cryptography

  • Secure Key Exchange over an Insecure Medium with Public Key Cryptography

  • Authenticating Communications Using Digital Signatures

  • Creating a Network of Trust Using X.509 Certificates

  • A Usable, Secure Communications Protocol: Client-Side TLS

  • Adding Server-Side TLS 1.0 Support

  • Advanced SSL Topics

  • Adding TLS 1.2 Support to Your TLS Library

  • Other Applications of SSL

  • A Binary Representation of Integers: A Primer

  • Installing TCPDump and OpenSSL

  • Understanding the Pitfalls of SSLv2

Set up and launch a working implementation of SSL with this practical guide.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Author
  6. About the Technical Editor
  7. Credits
  8. Acknowledgments
  9. Contents at a Glance
  10. Contents
  11. Introduction
    1. Supplemental Web Sites
    2. Roadmap and Companion Source Code
    3. Outline of the Book
    4. How to Read This Book
  12. CHAPTER 1: Understanding Internet Security
    1. What Are Secure Sockets?
    2. Insecure Communications: Understanding the HTTP Protocol
    3. Roadmap for the Rest of This Book
  13. CHAPTER 2: Protecting Against Eavesdroppers with Symmetric Cryptography
    1. Understanding Block Cipher Cryptography Algorithms
    2. Understanding Stream Cipher Algorithms
  14. CHAPTER 3: Secure Key Exchange over an Insecure Medium with Public Key Cryptography
    1. Understanding the Theory Behind the RSA Algorithm
    2. Performing Arbitrary Precision Binary Math to Implement Public-Key Cryptography
    3. Encryption and Decryption with RSA
    4. Achieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange
    5. Getting More Security per Key Bit: Elliptic Curve Cryptography
    6. Making ECC Work with Whole Integers: Elliptic-Curve Cryptography over Fp
  15. CHAPTER 4: Authenticating Communications Using Digital Signatures
    1. Using Message Digests to Create Secure Document Surrogates
  16. CHAPTER 5: Creating a Network of Trust Using X.509 Certificates
    1. Putting It Together: The Secure Channel Protocol
    2. Encoding with ASN.1
    3. Developing an ASN.1 Parser
    4. Managing Certificates
    5. Other Problems with Certificates
  17. CHAPTER 6: A Usable, Secure Communications Protocol: Client-Side TLS
    1. Implementing the TLS 1.0 Handshake (Client Perspective)
    2. Secure Data Transfer with TLS
    3. Implementing TLS Shutdown
    4. Examining HTTPS End-to-End Examples (TLS 1.0)
    5. Differences Between SSL 3.0 and TLS 1.0
    6. Differences Between TLS 1.0 and TLS 1.1
  18. CHAPTER 7: Adding Server-Side TLS 1.0 Support
    1. Implementing the TLS 1.0 Handshake from the Server's Perspective
    2. Avoiding Common Pitfalls When Adding HTTPS Support to a Server
    3. When a Browser Displays Errors: Browser Trust Issues
  19. CHAPTER 8: Advanced SSL Topics
    1. Passing Additional Information with Client Hello Extensions
    2. Safely Reusing Key Material with Session Resumption
    3. Avoiding Fixed Parameters with Ephemeral Key Exchange
    4. Verifying Identity with Client Authentication
    5. Dealing with Legacy Implementations: Exportable Ciphers
    6. Discarding Key Material Through Session Renegotiation
  20. CHAPTER 9: Adding TLS 1.2 Support to Your TLS Library
    1. Supporting TLS 1.2 When You Use RSA for the Key Exchange
    2. Impact to Diffie-Hellman Key Exchange
    3. Adding Support for AEAD Mode Ciphers
    4. Working ECC Extensions into the TLS Library
    5. The Current State of TLS 1.2
  21. CHAPTER 10: Other Applications of SSL
    1. Adding the NTTPS Extension to the NTTP Algorithm
    2. Implementing "Multi-hop" SMTP over TLS and Protecting Email Content with S/MIME
    3. Securing Datagram Traffic
    4. Supporting SSL When Proxies Are Involved
    5. SSL with OpenSSL
  22. APPENDIX A: Binary Representation of Integers: A Primer
    1. The Decimal and Binary Numbering Systems
    2. Understanding Binary Logical Operations
    3. Two's-Complement Representation of Negative Numbers
    4. Big-Endian versus Little-Endian Number Formats
  23. APPENDIX B: Installing TCPDump and OpenSSL
    1. Installing TCPDump
    2. Installing OpenSSL
  24. APPENDIX C: Understanding the Pitfalls of SSLv2
    1. Implementing the SSL Handshake
  25. Index