« Introducing the SSL Client Test | Main | SSL Pulse now tracking Forward Secrecy and RC4 »

OpenSSL Cookbook v1.1 released

October 08, 2013

OpenSSL Cookbook is a free ebook based around one chapter of my in-progress book Bulletproof SSL and TLS. The appendix contains the SSL/TLS Deployment Best Practices document (re-published with permission from Qualys). In total, there's about 50 pages of text that covers the OpenSSL essentials, starting with installation, then key and certificate management, and finally cipher suite configuration.

The first version of OpenSSL Cookbook was published in May, but now, five months after that release, I've released version 1.1. The changes in this version are as follows:

  • Updated SSL/TLS Deployment Best Practices to v1.3. This version brings several significant changes: 1) RC4 is deprecated, 2) the BEAST attack is considered mitigated server-side, 3) Forward Secrecy has been promoted to its own category. There are many other smaller improvements throughout.
  • Reworked the cipher suite configuration example to add Forward Security as a requirement, making the example more useful in practice.
  • Increased coverage of different key types with a discussion of ECDSA keys. Explained when each type is appropriate.
  • Added new text to explain how to generate DSA and ECDSA keys.
  • Explained the challenge password, when generating Certificate Signing Requests.
  • Marked cipher suite configuration keywords that were introduced only in the OpenSSL 1.x branch. This makes it easier to use the text for reference purposes, if you're still running the older, OpenSSL 0.9.x, version.

You can get your copy from here.

MY BOOK: If you like this blog post, you will love Bulletproof TLS and PKI. For system administrators, developers, and IT security professionals, this book provides a comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI and will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. It's available now.