OpenSSL Cookbook pdf epub mobi txt 電子書 下載2025

想要找書就要到 小美書屋

立刻按 ctrl+D收藏本頁

你會得到大驚喜!!

A guide to the most frequently used OpenSSL features and commands, written by Ivan Ristic.

* Comprehensive coverage of OpenSSL installation, configuration, and key and certificate management

* Includes SSL/TLS Deployment Best Practices, a design and deployment guide

* Written by a well-known practitioner in the field and the author of SSL Labs and the SSL/TLS configuration assessment tool

* Available in a variety of digital formats (PDF, EPUB, Mobi/Kindle); no DRM

* Continuously updated

OpenSSL Cookbook is built around one chapter from Bulletproof SSL/TLS and PKI, a larger work that provides complete coverage of SSL/TLS and PKI topics. For more information and other digital formats (PDF, EPUB, ...) please visit feistyduck.com/books/openssl-cookbook/

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.

Preface

Chapter 1. OpenSSL Cookbook
Getting Started
Determine OpenSSL Version and Configuration
Building OpenSSL
Examine Available Commands
Building a Trust Store

Key and Certificate Management
Key Generation
Creating Certificate Signing Requests
Creating CSRs from Existing Certificates
Unattended CSR Generation
Signing Your Own Certificates
Creating Certificates Valid for Multiple Hostnames
Examining Certificates
Key and Certificate Conversion
Configuration
Cipher Suite Selection
Performance

Appendix A: SSL/TLS Deployment Best Practices
Introduction

1. Private Key and Certificate
1.1. Use 2048-bit Private Keys
1.2. Protect Private Keys
1.3. Ensure Sufficient Hostname Coverage
1.4. Obtain Certificates from a Reliable CA

2. Configuration
2.1. Deploy with Complete and Valid Certificate Chains
2.2. Use Only Secure Protocols
2.3. Use Only Secure Cipher Suites
2.4. Control Cipher Suite Selection
2.5. Support Forward Secrecy
2.6. Disable Client-Initiated Renegotiation
2.7. Mitigate Known Problems

3. Performance
3.1. Do Not Use Too-Strong Private Keys
3.2. Ensure That Session Resumption Works Correctly
3.3. Use Persistent Connections (HTTP)
3.4. Enable Caching of Public Resources (HTTP)

4. Application Design (HTTP)
4.1. Encrypt 100% of Your Web Site
4.2. Avoid Mixed Content
4.3. Understand and Acknowledge Third-Party Trust
4.4. Secure Cookies
4.5. Deploy HTTP Strict Transport Security
4.6. Disable Caching of Sensitive Content
4.7. Ensure That There Are No Other Vulnerabilities

5. Validation

6. Advanced Topics
· · · · · · (收起)