

SSL and TLS: Designing and Building Secure Systems
Eric Rescorla
Addison-Wesley, Paperback, Published October 2000, 499 pages, ISBN 0201615983
List Price: $49.99

"This is the best book on SSL/TLS. Rescorla knows SSL/TLS as well as anyone and presents it both clearly and completely.... At times, I felt like he's been looking over my shoulder when I designed SSL v3. If network security matters to you, buy this book."
Paul Kocher, Cryptography Research, Inc.
Co-Designer of SSL v3

"Having the right crypto is necessary but not sufficient to having secure communications. If you're using SSL/TLS, you should have SSL and TLS sitting on your shelf right next to Applied Cryptography."

Bruce Schneier, Counterpane Internet Security, Inc.
Author of Applied Cryptography

"Everything you wanted to know about SSL/TLS in one place. It covers the protocols down to the level of packet traces. It covers how to write software that uses SSL/TLS. And it contrasts SSL with other approaches. All this while being technically sound and readable!"

Radia Perlman, Sun Microsystems, Inc.
Author of Interconnections

Secure Sockets Layer (SSL) and its IETF successor, Transport Layer Security (TLS), are the leading Internet security protocols, providing security for e-commerce, web services, and many other network functions. Using SSL/TLS effectively requires a firm grasp of its role in network communications, its security properties, and its performance characteristics. SSL and TLS provides total coverage of the protocols from the bits on the wire up to application programming.

This comprehensive book not only describes how SSL/TLS is supposed to behave but also uses the author's free ssldump diagnostic tool to show the protocols in action. The author covers each protocol feature, first explaining how it works and then illustrating it in a live implementation. This unique presentation bridges the difficult gap between specification and implementation that is a common source of confusion and incompatibility.

In addition to describing the protocols, SSL and TLS delivers the essential details required by security architects, application designers, and software engineers. Use the practical design rules in this book to quickly design fast and secure systems using SSL/TLS. These design rules are illustrated with chapters covering the new IETF standards for HTTP and SMTP over TLS.

Written by an experienced SSL implementor, SSL and TLS contains detailed information on programming SSL applications. The author discusses the common problems faced by implementors and provides complete sample programs illustrating the solutions in both C and Java. The sample programs use the free OpenSSL and PureTLS toolkits so the reader can immediately run the examples.

Table of Contents

Preface xvii

Chapter 1. Security Concepts 1

1.1 Introduction 1
1.2 The Internet Threat Model 1
1.3 The Players 2
1.4 The Goals of Security 3
1.5 Tools of the Trade 5
1.6 Putting It All Together 15
1.7 A Simple Secure Messaging System 16
1.8 A Simple Secure Channel 17
1.9 The Export Situation 24
1.10 Real Cryptographic Algorithms 25
1.11 Symmetric Encryption: Stream Ciphers 26
1.12 Symmetric Encryption: Block Ciphers 27
1.13 Digest Algorithms 32
1.14 Key Establishment 32
1.15 Digital Signature 36
1.16 MACs 38
1.17 Key Length 39
1.18 Summary 40

Chapter 2. Introduction to SSL 43

2.1 Introduction 43
2.2 Standards and Standards Bodies 43
2.3 SSL Overview 44
2.4 SSL/TLS Design Goals 44
2.5 SSL and the TCP/IP Suite 46
2.6 SSL History 47
2.7 SSL for the Web 51
2.8 Everything over SSL 52
2.9 Getting SSL 53
2.10 Summary 55

Chapter 3. Basic SSL 57

3.1 Introduction 57
3.2 SSL Overview 57
3.3 Handshake 58
3.4 SSL Record Protocol 61
3.5 Putting the Pieces Together 62
3.6 A Real Connection 63
3.7 Some More Connection Details 65
3.8 SSL Specification Language 68
3.9 Handshake Message Structure 70
3.10 Handshake Messages 71
3.11 Key Derivation 82
3.12 Record Protocol 88
3.13 Alerts and Closure 91
3.14 Summary 94

Chapter 4. Advanced SSL 95

4.1 Introduction 95
4.2 Session Resumption 96
4.3 Client Authentication 96
4.4 Ephemeral RSA 97
4.5 Rehandshake 99
4.6 Server Gated Cryptography 100
4.7 DSS and DH 102
4.8 Elliptic Curve Cipher Suites 103
4.9 Kerberos 104
4.10 FORTEZZA 104
4.11 The Story So Far 106
4.12 Session Resumption Details 106
4.13 Client Authentication Details 108
4.14 Ephemeral RSA Details 112
4.15 SGC Details 115
4.16 DH/DSS Details 124
4.17 FORTEZZA Details 126
4.18 Error Alerts 128
4.19 SSLv2 Backward Compatibility 135
4.20 Summary 137

Chapter 5. SSL Security 139

5.1 Introduction 139
5.2 What SSL Provides 139
5.3 Protect the master_secret 140
5.4 Protect the Server's Private Key 140
5.5 Use Good Randomness 140
5.6 Check the Certificate Chain 141
5.7 Algorithm Selection 142
5.8 The Story So Far 142
5.9 Compromise of the master_secret 142
5.10 Protecting Secrets in Memory 145
5.11 Securing the Server's Private Key 146
5.12 Random Number Generation 154
5.13 Certificate Chain Verification 156
5.14 Partial Compromise 162
5.15 Known Attacks 166
5.16 Timing Cryptanalysis 167
5.17 Million Message Attack 168
5.18 Small-Subgroup Attack 170
5.19 Downgrade to Export 171
5.20 Summary 173

Chapter 6. SSL Performance 175

6.1 Introduction 175
6.2 SSL Is Slow 175
6.3 Performance Principles 176
6.4 Cryptography Is Expensive 179
6.5 Session Resumption 181
6.6 Handshake Algorithm and Key Choice 182
6.7 Bulk Data Transfer 183
6.8 Basic SSL Performance Rules 184
6.9 The Story So Far 184
6.10 Handshake Time Allocation 184
6.11 Normal RSA Mode 186
6.12 RSA with Client Authentication 188
6.13 Ephemeral RSA 189
6.14 DSS/DHE 191
6.15 DSS/DHE with Client Authentication 194
6.16 Performance Improvements with DH 195
6.17 Record Processing 197
6.18 Java 199
6.19 SSL Servers under Load 202
6.20 Hardware Acceleration 204
6.21 Inline Hardware Accelerators 206
6.22 Network Latency 209
6.23 The Nagle Algorithm 212
6.24 Handshake Buffering 214
6.25 Advanced SSL Performance Rules 216
6.26 Summary 217

Chapter 7. Designing with SSL 219

7.1 Introduction 219
7.2 Know What You Want to Secure 220
7.3 Client Authentication Options 221
7.4 Reference Integrity 222
7.5 Inappropriate Tasks 224
7.6 Protocol Selection 224
7.7 Reducing Handshake Overhead 227
7.8 Design Strategy 227
7.9 The Story So Far 228
7.10 Separate Ports 228
7.11 Upward Negotiation 229
7.12 Downgrade Attacks 230
7.13 Reference Integrity 233
7.14 Username/Password Authentication 235
7.15 SSL Client Authentication 236
7.16 Mutual Username/Password Authentication 238
7.17 Rehandshake 242
7.18 Secondary Channels 244
7.19 Closure 244
7.20 Summary 247

Chapter 8. Coding with SSL 249

8.1 Introduction 249
8.2 SSL Implementations 249
8.3 Sample Programs 250
8.4 Context Initialization 252
8.5 Client Connect 258
8.6 Server Accept 263
8.7 Simple I/O Handling 265
8.8 Multiplexed I/O Using Threads 269
8.9 Multiplexed I/O with select() 274
8.10 Closure 282
8.11 Session Resumption 285
8.12 What's Missing? 286
8.13 Summary 288

Chapter 9. HTTP over SSL 291

9.1 Introduction 291
9.2 Securing the Web 291
9.3 HTTP 293
9.4 HTML 295
9.5 URLs 298
9.6 HTTP Connection Behavior 300
9.7 Proxies 301
9.8 Virtual Hosts 302
9.9 Protocol Selection 302
9.10 Client Authentication 303
9.11 Reference Integrity 303
9.12 HTTPS 304
9.13 HTTPS Overview 304
9.14 URLs and Reference Integrity 307
9.15 Connection Closure 314
9.16 Proxies 316
9.17 Virtual Hosts 320
9.18 Client Authentication 322
9.19 Referrer 327
9.20 Substitution Attacks 327
9.21 Upgrade 328
9.22 Programming Issues 331
9.23 Proxy CONNECT 331
9.24 Handling Multiple Clients 336
9.25 Summary 341

Chapter 10. SMTP over TLS 343

10.1 Introduction 343
10.2 Internet Mail Security 343
10.3 Internet Messaging Overview 345
10.4 SMTP 346
10.5 RFC 822 and MIME 349
10.6 E-Mail Addresses 351
10.7 Mail Relaying 352
10.8 Virtual Hosts 355
10.9 MX Records 356
10.10 Client Mail Access 357
10.11 Protocol Selection 357
10.12 Client Authentication 357
10.13 Reference Integrity 357
10.14 Connection Semantics 358
10.15 STARTTLS 358
10.16 STARTTLS Overview 358
10.17 Connection Closure 363
10.18 Requiring TLS 364
10.19 Virtual Hosts 364
10.20 Security Indicators 365
10.21 Authenticated Relaying 366
10.22 Originator Authentication 367
10.23 Reference Integrity Details 367
10.24 Why not CONNECT? 371
10.25 What's STARTTLS Good For? 372
10.26 Programming Issues 373
10.27 Implementing STARTTLS 373
10.28 Server Startup 374
10.29 Summary 375

Chapter 11. Contrasting Approaches 377

11.1 Introduction 377
11.2 The End-to-End Argument 378
11.3 The End-to-End Argument and SMTP 378
11.4 Other Protocols 379
11.5 IPsec 380
11.6 Security Associations 381
11.7 ISAKMP and IKE 381
11.8 AH and ESP 384
11.9 Putting It All Together: IPsec 386
11.10 IPsec versus SSL 386
11.11 Secure HTTP 389
11.12 CMS 390
11.13 Message Format 391
11.14 Cryptographic Options 392
11.15 Putting It All Together: S-HTTP 393
11.16 S-HTTP versus HTTPS 397
11.17 S/MIME 400
11.18 Basic S/MIME Formatting 401
11.19 Signing Only 401
11.20 Algorithm Choice 403
11.21 Putting It All Together: S/MIME 405
11.22 Implementation Barriers 406
11.23 S/MIME versus SMTP/TLS 407
11.24 Choosing the Appropriate Solution 408
11.25 Summary 410

Appendix A. Example Code 411

A.1 Chapter 8 411
A.1.1 C Examples 411
A.1.2 Java Examples 425
A.2 Chapter 9 431
A.2.1 HTTPS Examples 431
A.2.2 mod_ssl Session Caching 436

Appendix B. SSLv2 455

B.1 Introduction 455
B.2 SSLv2 Overview 455
B.3 Missing Features 457
B.4 Security Problems 458
B.5 PCT 461
B.6 What about SSLv1? 463

Bibliography 465

Index 475


Customer Reviews

Customer Reviews: 1     Average Customer Rating:

Aug 17, 2005     Rich from NJ, USA
fantastic
Not only is this an extremely useful book on explaining SSL/TLS, but its comparisons of those protocols to other security protocols are priceless. For example, the concise explanation of IPSec is far better than entire other books devoted to the topic. I can't recommend this highly enough!!


