SSL is Secure Sockets Layer, the most common security protocol used in networks around the world. TLS is Transport Layer Security, its more modern counterpart. Although its primary use is securing Web traffic, SSL (along with TLS) is suitable for and widely used to secure other services, including LDAP (directory access) and e-mail. Securing all this traffic has highlighted sophisticated security problems and their solutions, and so a thorough understanding of SSL and TLS is essential for the construction of secure systems.
SSL and TLS: Designing and Building Secure Systems offers clear and comprehensive descriptions of these security protocols and their implementation, and also provides "designs"--tried and true templates that suit various scenarios. Armed with this book, you can become well versed in the importance of SSL and TLS, be able to work with them to provide solutions, and furthermore identify an appropriate tested "design" that will solve the security problems of a proposed new network installation.
The book starts with an excellent summary of cryptography, and clarifies what the threat to security is. The next five chapters introduce and elucidate SSL itself, in detail but with great care to carry even the neophyte along, keeping comprehension high. Diagrams and examples are plentiful. The author provides information about how to obtain free tools, including his own helpful "ssldump" which significantly aids the person who wishes to learn how to use, interpret, program and plan implementation of this protocol.
Though SSL and TLS is aimed at the professional who expects to be in constant use of network equipment, this book can be used as a good introduction to security issues confronting computer users, even if you never plan to touch a coax cable. --Wilf Hey
From the Back Cover
"This is the best book on SSL/TLS. Rescorla knows SSL/TLS as well as anyone and presents it both clearly and completely.... At times, I felt like he's been looking over my shoulder when I designed SSL v3. If network security matters to you, buy this book."
Paul Kocher, Cryptography Research, Inc.
Co-Designer of SSL v3
"Having the right crypto is necessary but not sufficient to having secure communications. If you're using SSL/TLS, you should have
SSL and TLS sitting on your shelf right next to Applied Cryptography."
Bruce Schneier, Counterpane Internet Security, Inc.
Author of Applied Cryptography
"Everything you wanted to know about SSL/TLS in one place. It covers the protocols down to the level of packet traces. It covers how to write software that uses SSL/TLS. And it contrasts SSL with other approaches. All this while being technically sound and readable!"
Radia Perlman, Sun Microsystems, Inc.
Author of Interconnections
Secure Sockets Layer (SSL) and its IETF successor, Transport Layer Security (TLS), are the leading Internet security protocols, providing security for e-commerce, web services, and many other network functions. Using SSL/TLS effectively requires a firm grasp of its role in network communications, its security properties, and its performance characteristics. SSL and TLS provides total coverage of the protocols from the bits on the wire up to application programming.
This comprehensive book not only describes how SSL/TLS is supposed to behave but also uses the author's free ssldump diagnostic tool to show the protocols in action. The author covers each protocol feature, first explaining how it works and then illustrating it in a live implementation. This unique presentation bridges the difficult gap between specification and implementation that is a common source of confusion and incompatibility.
In addition to describing the protocols, SSL and TLS delivers the essential details required by security architects, application designers, and software engineers. Use the practical design rules in this book to quickly design fast and secure systems using SSL/TLS. These design rules are illustrated with chapters covering the new IETF standards for HTTP and SMTP over TLS.
Written by an experienced SSL implementor, SSL and TLS contains detailed information on programming SSL applications. The author discusses the common problems faced by implementors and provides complete sample programs illustrating the solutions in both C and Java. The sample programs use the free OpenSSL and PureTLS toolkits so the reader can immediately run the examples.