
OpenSSL Cookbook 2nd Edition released

March 03, 2015

Today we’re releasing the second edition of OpenSSL Cookbook, Feisty Duck's free OpenSSL book. This edition is a major update, with some improvements to the existing text and new content added. The new edition has about 95 pages, an increase of about 35 pages.

Here’s a brief overview of what’s new:

  • New chapter Testing with OpenSSL, which focuses on secure server assessment.
  • New section Recommended Configuration, which contains a list of recommended cipher suites. I now prefer to configure OpenSSL by explicitly listing all the suites I wish to enable.
  • New section Creating a Private Certification Authority, which contains a step-by-step guide to creating and deploying a private CA.
  • Updated SSL/TLS Deployment Best Practices to v1.4. Important changes in this version include SHA1 deprecation and SSL 3 weaknesses (POODLE).

Another important improvement is that I am switching from updating OpenSSL Cookbook once in a while (the previous edition was released in October 2013) to making small changes as the need arises. There still might be further editions, but only when and if new content is added.

OpenSSL Cookbook draws from the content written for my bigger work, Bulletproof SSL and TLS. If you’re looking for a complete guide to the world of SSL/TLS and Internet PKI, give the bigger book a try.

That said, the main goals of OpenSSL Cookbook are to be useful and short, and to contain documentation for everything you might want to do with OpenSSL as a user (i.e., no programming). If you’re looking for something and you can’t find it in this book, please get in touch to propose improvements.