REVIEW - Network Security with OpenSSL - Cryptography for Secure Communications


Title:

Network Security with OpenSSL

Cryptography for Secure Communications

Author:

John Viega, Matt Messier, Pravir Chandra

Publisher:

O'Reilly (2002)

Pages:

386pp

Reviewer:

Christoph Ludwig

Reviewed:

February 2003

Rating:

★★☆☆☆


All programs that use network resources are potential objects of snooping, tampering, or other attacks. Even if you are familiar with cryptology, chances are your programs won't withstand sophisticated attacks unless you rely on established protocols like SSL and its successor TLS. OpenSSL is a highly regarded C implementation of these protocols. Unfortunately, there are plenty of subtle traps when using OpenSSL, giving you a false sense of security. Network Security with OpenSS ' aims to show you how to avoid such pitfalls.

It presumes that the reader already has a rough understanding of modern cryptology. The explanations given are too vague to serve as more than a reminder. The authors explicitly avoid the details since they do not have an immediate impact on the use of OpenSSL. They may have a valid point here, but I miss a comprehensive commented bibliography that allows the reader to look up details or further information.

The book does not explain the design of OpenSSL or give a complete reference of all available C functions. It's rather like a cookbook; it shows how to perform certain tasks like setting up an SSL connection with proper authentication of client and server or how to correctly use message authentication codes. However, simply adapting examples when developing security relevant parts of a program leaves an uneasy feeling. A more complete discussion of all possible options and how different parts of OpenSSL interact would have been helpful.

There are more or less complete OpenSSL bindings to other languages like Perl, Python and PHP. The book dedicated one chapter to these bindings, but I doubt whether 24 pages suffice to cover everything that you need to know in order to make efficient use of OpenSSL from other languages.

In summary, if you are going to use OpenSSL, then I recommend you have a look into this book. It will give you a good starting point, at least. However, it won't serve as your only reference, you will have to dig through the documentation shipping with OpenSSL and some textbook on cryptology anyway.


Book cover image courtesy of Open Library.





Your Privacy

By clicking "Accept Non-Essential Cookies" you agree ACCU can store non-essential cookies on your device and disclose information in accordance with our Privacy Policy and Cookie Policy.

Current Setting: Non-Essential Cookies REJECTED


By clicking "Include Third Party Content" you agree ACCU can forward your IP address to third-party sites (such as YouTube) to enhance the information presented on this site, and that third-party sites may store cookies on your device.

Current Setting: Third Party Content EXCLUDED



Settings can be changed at any time from the Cookie Policy page.