
OpenSSL Cookbook v1.1 released

October 08, 2013

OpenSSL Cookbook is a free ebook based around one chapter of my in-progress book Bulletproof SSL and TLS. The appendix contains the SSL/TLS Deployment Best Practices document (re-published with permission from Qualys). In total, there are about 50 pages of text that cover the OpenSSL essentials, starting with installation, then key and certificate management, and finally cipher suite configuration.

The first version of OpenSSL Cookbook was published in May; now, five months later, I've released version 1.1. The changes in this version are as follows:

  • Updated SSL/TLS Deployment Best Practices to v1.3. This version brings several significant changes: 1) RC4 is deprecated, 2) the BEAST attack is considered mitigated server-side, 3) Forward Secrecy has been promoted to its own category. There are many other smaller improvements throughout.
  • Reworked the cipher suite configuration example to add Forward Secrecy as a requirement, making the example more useful in practice.
  • Increased coverage of different key types with a discussion of ECDSA keys. Explained when each type is appropriate.
  • Added new text to explain how to generate DSA and ECDSA keys.
  • Explained the challenge password that is requested when generating Certificate Signing Requests.
  • Marked cipher suite configuration keywords that were introduced only in the OpenSSL 1.x branch. This makes it easier to use the text for reference purposes if you're still running the older OpenSSL 0.9.x version.

You can get your copy from here.
