About This Book
The Internet is a dangerous place, more dangerous than most people realize. Many technical people know that it's possible to intercept and modify data on the wire, but few realize how easy it actually is. If an application doesn't properly protect data when it travels an untrusted network, the application is a security disaster waiting to happen.
The ).
In this book, we'll teach developers and administrators how to secure applications with OpenSSL. We won't just show you how to SSL-enable your applications, we'll be sure to introduce you to the most significant risks involved in doing so, and the methods for mitigating those risks. These methods are important; it takes more work to secure an SSL-enabled application than most people think, especially when code needs to run in multithreaded, highly interoperable environments where efficiency is a concern.
OpenSSL is more than just a free implementation of SSL. It also includes a general-purpose cryptographic library, which can be useful for situations in which SSL isn't an appropriate solution. Working with cryptography at such a low level can be dangerous, since there are many pitfalls in applying cryptography of which few developers are fully aware. Nonetheless, we do discuss the available functionality for those that wish to use it. Additionally, OpenSSL provides some high-level primitives, such as support for the S/MIME email standard.
The bulk of this book describes the OpenSSL library and the many ways to use it. We orient the discussion around working examples, instead of simply providing reference material. We discuss all of the common options OpenSSL users can support, as well as the security implications of each choice.
Depending on your needs, you may end up skipping around in this book. For people who want to use OpenSSL from the command line for administrative tasks, everything they need is in the first three chapters. Developers interested in SSL-enabling an application can probably read to understand all the code).
Here's an overview of the book's contents:
This chapter introduces SSL and the OpenSSL library. We give an overview of the biggest security risks involved with deploying the library and discuss how to mitigate them at a high level. We also look at how to use OpenSSL along with Stunnel to secure third-party software, such as POP servers that don't otherwise have built-in SSL support.
Here we discuss how to use basic OpenSSL functionality from the command line, for those who wish to use OpenSSL interactively, call out to it from shell scripts, or interface with it from languages without native OpenSSL support.
This chapter explains the basics of Public Key Infrastructure (PKI), especially as it manifests itself in OpenSSL. This chapter is primarily concerned with how to go about getting certificates for use in SSL, S/MIME, and other PKI-dependent cryptography. We also discuss how to manage your own PKI using the OpenSSL command line, if you so choose.
In this chapter, we talk about the various low-level APIs that are most important to OpenSSL. Some of these APIs need to be mastered in order to make full use of the OpenSSL library. Particularly, we lay the foundation for enabling multithreaded application support and performing robust error handling with OpenSSL. Additionally, we discuss the OpenSSL IO API, its randomness API, its arbitrary precision math API, and how to use cryptographic acceleration with the library.
Here we discuss the ins and outs of SSL-enabling applications, particularly with SSLv3 and its successor, TLSv1. We not only cover the basics but also go into some of the more obscure features of these protocols, such as session resumption, which is a tool that can help speed up SSL connection times in some circumstances.
This chapter covers everything you need to know to use OpenSSL's interface to secret-key cryptographic algorithms such as Triple DES, RC4, and AES (the new Advanced Encryption Standard). In addition to covering the standard API, we provide guidelines on selecting algorithms that you should support for your applications, and we explain the basics of these algorithms, including different modes of operation, such as counter mode. Additionally, we talk about how to provide some security for UDP-based traffic, and discuss general considerations for securely integrating symmetric cryptography into your applications.
In this chapter, we discuss how to use nonreversible (one-way) cryptographic hash functions, often called message digest algorithms. We also show how to use Message Authentication Codes (MACs), which can be used to provide data integrity via a shared secret. We show how to apply MACs to ensure that tampering with HTTP cookies will be detected.
Here we talk about the various public key algorithms OpenSSL exports, including Diffie-Hellman key exchange, the Digital Signature Algorithm (DSA), and RSA. Additionally, we discuss how to read and write common storage formats for public keys.
This chapter describes how to use OpenSSL programmatically from Perl using the Net::SSLeay package, from Python using the M2Crypto library, and from PHP.
In this chapter, we discuss many of the more esoteric parts of the OpenSSL API that are still useful, including the OpenSSL configuration API, creating and using S/MIME email, and performing certificate management programmatically.
Here we provide a reference to the many options in the OpenSSL command-line interface.
Additionally, the book's web site (http://www.opensslbook.com) contains API reference material that supplements this book. We also give pointers to the official OpenSSL documentation.
Note that we do not cover using SSL from Apache. While Apache does use OpenSSL for its cryptography, it provides its own API for configuring everything. Covering that isn't in the scope of this book. Refer to the Apache documentation, or the book Apache: The Definitive Guide by Ben Laurie and Peter Laurie (O'Reilly & Associates).
As we finish this book, OpenSSL is at Version 0.9.6c, and 0.9.7 is in feature freeze, though a final release is not expected until well after this book's publication. Additionally, we expect developers to have to interoperate with 0.9.6 for some time. Therefore, we have gone out of our way to support both versions. Usually, our discussion will apply to both 0.9.6 and 0.9.7 releases unless otherwise noted. If there are features that were experimental in 0.9.6 and changed significantly in 0.9.7 (most notably support for hardware acceleration), we tend to explain only the 0.9.7 solution.