SSL

Survival Guide - SSL/TLS and SSL (X.509) Certificates (Self-Signed)

This is a survival guide to the eye-glazing topic of TLS/SSL and X.509 (SSL) certificates, including self-signed certificates.

These are elements of what is loosely called a Public Key Infrastructure (PKI). What are colloquially known as SSL certificates should properly be called X.509 certificates. The term "SSL certificate" became common because Netscape adopted the X.509 certificate format (one of the ITU X.500 Directory standards) when it designed the original versions of the SSL protocol, eons ago, when the world was still young and the Internet was a friendly place. The term 'SSL certificate' has persisted simply because, given the choice of saying 'SSL certificate' or 'X.509 certificate', which would you choose? This guide covers SSL, TLS, some detail about X.509 and its usage, some explanation of certificate types, including EV certificates, and the trust process.

If, however, you just want to read the blasted RFC, feel free to click the links below.

Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.[1] They use X.509 certificates, and hence asymmetric cryptography, to authenticate the counterparty with whom they are communicating[2] and to exchange a symmetric key.

This session key is then used to encrypt the data flowing between the parties. This provides data/message confidentiality and, through message authentication codes, message integrity; as a by-product it also provides message authentication. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging, and voice-over-IP (VoIP). An important property in this context is forward secrecy: the short-term session key cannot be derived from the long-term asymmetric secret key.[3]

Notes - Yngve Nysæter Pettersen: Popular, but sluggish secure server? Popularity might not be the reason.

SSL Programming Tutorial

This section demonstrates the implementation of a simple SSL client and server program using the OpenSSL APIs.

Although SSL client and server programs might differ in their setup and configuration, their common internal procedures can be summarized as in Figure 4-8, "Overview of SSL Application with OpenSSL APIs". These procedures are discussed in the following sections.

Figure 4-8: Overview of SSL Application with OpenSSL APIs

Before you can call any other OpenSSL APIs in the SSL application programs, you must perform initialization using the following SSL APIs. The SSL_library_init() API registers all ciphers and hash algorithms used by the SSL APIs.

SSL applications should also call the SSL_load_error_strings() API, which loads the human-readable error strings used when reporting OpenSSL errors. The first step after initialization is to choose an SSL/TLS protocol version. For every SSL/TLS version, there are three types of APIs that create an SSL_METHOD structure: one for both client and server, one for server only, and one for client only.