Release date: October 2013
First release: May 2013
Language: English (60 pages)
ISBN: 978-1907117053
Formats: PDF, EPUB, Kindle, Online
OpenSSL Cookbook
A short book that covers the most frequently used OpenSSL
features and commands, by Ivan Ristić
  • Provides OpenSSL documentation that covers installation, configuration,
    and key and certificate management
  • Includes SSL/TLS Deployment Best Practices, a design and deployment guide
  • Written by the author of SSL Labs and the SSL/TLS configuration assessment tool
  • Available in a variety of digital formats (PDF, EPUB, Mobi/Kindle); no DRM

OpenSSL Cookbook is a free ebook built around one chapter from Bulletproof SSL and TLS, a larger work that teaches how to deploy secure servers and web applications.

Table of Contents
Chapter 1. OpenSSL Cookbook
  • Getting Started
  • Determine OpenSSL Version and Configuration
  • Building OpenSSL
  • Examine Available Commands
  • Building a Trust Store
  • Key and Certificate Management
  • Key Generation
  • Creating Certificate Signing Requests
  • Creating CSRs from Existing Certificates
  • Unattended CSR Generation
  • Signing Your Own Certificates
  • Creating Certificates Valid for Multiple Hostnames
  • Examining Certificates
  • Key and Certificate Conversion
  • Configuration
  • Cipher Suite Selection
  • Performance
Appendix A: SSL/TLS Deployment Best Practices
  • Introduction
  • 1. Private Key and Certificate
      1.1. Use 2048-bit Private Keys
      1.2. Protect Private Keys
      1.3. Ensure Sufficient Hostname Coverage
      1.4. Obtain Certificates from a Reliable CA
  • 2. Configuration
      2.1. Deploy with Complete and Valid Certificate Chains
      2.2. Use Only Secure Protocols
      2.3. Use Only Secure Cipher Suites
      2.4. Control Cipher Suite Selection
      2.5. Support Forward Secrecy
      2.6. Disable Client-Initiated Renegotiation
      2.7. Mitigate Known Problems
  • 3. Performance
      3.1. Do Not Use Too-Strong Private Keys
      3.2. Ensure That Session Resumption Works Correctly
      3.3. Use Persistent Connections (HTTP)
      3.4. Enable Caching of Public Resources (HTTP)
  • 4. Application Design (HTTP)
      4.1. Encrypt 100% of Your Web Site
      4.2. Avoid Mixed Content
      4.3. Understand and Acknowledge Third-Party Trust
      4.4. Secure Cookies
      4.5. Deploy HTTP Strict Transport Security
      4.6. Disable Caching of Sensitive Content
      4.7. Ensure That There Are No Other Vulnerabilities
  • 5. Validation
  • 6. Advanced Topics

About the Author

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.