Network Security with OpenSSL (Paperback)

~ (Author), Matt Messier (Author), Pravir Chandra (Author)
Key Phrases: public key algorithms, abstract input, symmetric cryptography, Certification Authority, Public Key Infrastructure, Advanced Programming (more...)

Editorial Reviews

Review

"If you have struggled with OpenSSL and the supplied documentation then you will regret the amount of time that you have wasted before finding this book. If you are planning to use OpenSSL then you need to buy a copy - it's essential reading. What is more surprising is that even if you don't plan to use OpenSSL, then downloading it and trying out the examples in the book could be the education in practical cryptography you really need. What more can I say of any book, other than that I certainly won't be lending it to anyone else? It's going to remain firmly chained to my bookshelf for the foreseeable future - and no, you can't borrow it." - Mike James, VSJ, October 2003

Product Description

Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. Traditionally, getting something simple done in OpenSSL could take weeks. Network Security with OpenSSL gives you guidance to avoid pitfalls, and allows you to take advantage of the library?s advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. The book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges.

See all Editorial Reviews

Product Details

• Paperback: 384 pages
• Publisher: O'Reilly Media; 1st edition (June 15, 2002)
• Language: English
• ISBN-10: 059600270X
• ISBN-13: 978-0596002701
• Product Dimensions: 9.1 x 7 x 0.8 inches
• Shipping Weight: 1.1 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (12 customer reviews)
• Amazon.com Sales Rank: #79,932 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #9 in	Books > Computers & Internet > Programming > Algorithms > Cryptography
  #36 in	Books > Computers & Internet > Certification Central > Exams > Security+
  #83 in	Books > Computers & Internet > Networking > Network Security

Customer Reviews

Most Helpful Customer Reviews

20 of 20 people found the following review helpful:

5.0 out of 5 stars openssl programming cleanly explained, October 11, 2004

By	H. Wang (Santa Clara, CA USA) - See all my reviews (REAL NAME)

The book starts with a general introduction of encryption in general, then SSL protocol in general. Then openssl command line interface is introduced with some easy to follow examples. Later openssl programming is explained in detail.

As the only free SSL programming library with source code available, openssl is notorious for its undocumented/underdocumented/misdocumented manuals. Starting a software project using openssl without prior experience is often a painful experience if you simply rely on the manuals coming with the source code. Given thousands of interfaces/data structures, it is an overwhelming job to understand openssl in depth. Your best bet is usually reading the sample source code that comes with package, but often it leaves lots of questions - what does this api do? Why use this one? Under what circumstances should I use this one? You may rely on openssl mailing list, but answer is not guaranteed and you have to do your own home work first.

So come this book finally. It explains (using many examples) most interfaces a typical openssl programmer would use in reality. It is a really easy to read from chapter to chapter since the authors apparently try to explain most api using a short and clear example.

I wish when the next version comes out, it can do:

1. fix typos. Yeah, it does contain some typos. Good proofreading is needed.

2. Include topics in openssl 0.9.7. Like CRL.

3. What's going on under hood. How openssl code is organized, how interface control of flow goes. This helps understand the openssl library and debugging as well.

13 of 14 people found the following review helpful:

5.0 out of 5 stars Excellent!, November 22, 2002

By	Antonio A. Rodriguez "taserian" (Columbia, SC United States) - See all my reviews (REAL NAME)

OpenSSL is a terrific programming resource, but the online documentation on it
is hard to understand and index. This book brings most of it all together, and
provides enough examples to answer most of your questions.

One thing that it lacks is tie-ins with Java; most of its examples are in Perl
and Python. I'm currently trying to see if certain ideas can be implemented in Java.

A great book, and great read!

15 of 17 people found the following review helpful:

5.0 out of 5 stars The only SSL book you'll need.., July 7, 2002

By	Kevin J. Schmidt (Lilburn,GA) - See all my reviews (REAL NAME)

My title says it all. If you are a programmer who needs to use OpenSSL in a custom client/server application, then get this book. The code examples and corresponding text make perfect sense. The authors also go to great trouble to make sure you know the correct way in which to use the OpenSSL package. The book also covers using the openssl command-line utility. If you've ever pulled your hair out trying to understand how to use OpenSSL or have read the VERY incomplete documentation, then buy this book and have all your questions answered.