{"product_id":"implementing-ssl-tls-using-cryptography-and-pki-isbn-9780470920411","title":"Implementing SSL \/ TLS Using Cryptography and PKI","description":"Hands-on, practical guide to implementing SSL and TLS protocols for Internet security  \u003cp\u003eIf you are a network professional who knows C programming, this practical book is for you.  Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more. \u003c\/p\u003e \u003cp\u003eCoverage includes:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUnderstanding Internet Security\u003c\/li\u003e \u003cli\u003eProtecting against Eavesdroppers with Symmetric Cryptography\u003c\/li\u003e \u003cli\u003eSecure Key Exchange over an Insecure Medium with Public Key Cryptography\u003c\/li\u003e \u003cli\u003eAuthenticating Communications Using Digital Signatures\u003c\/li\u003e \u003cli\u003eCreating a Network of Trust Using X.509 Certificates\u003c\/li\u003e \u003cli\u003eA Usable, Secure Communications Protocol: Client-Side TLS\u003c\/li\u003e \u003cli\u003eAdding Server-Side TLS 1.0 Support\u003c\/li\u003e \u003cli\u003eAdvanced SSL Topics\u003c\/li\u003e \u003cli\u003eAdding TLS 1.2 Support to Your TLS Library\u003c\/li\u003e \u003cli\u003eOther Applications of SSL\u003c\/li\u003e \u003cli\u003eA Binary Representation of Integers: A Primer\u003c\/li\u003e \u003cli\u003eInstalling TCPDump and OpenSSL\u003c\/li\u003e \u003cli\u003eUnderstanding the Pitfalls of SSLv2\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eSet up and launch a working implementation of SSL with this practical guide.\u003c\/p\u003e \u003cp\u003eIntroduction xxvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Understanding Internet Security 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Secure Sockets? 2\u003c\/p\u003e \u003cp\u003e“Insecure” Communications: Understanding the HTTP Protocol 4\u003c\/p\u003e \u003cp\u003eImplementing an HTTP Client 5\u003c\/p\u003e \u003cp\u003eAdding Support for HTTP Proxies 12\u003c\/p\u003e \u003cp\u003eReliable Transmission of Binary Data with Base64 Encoding 17\u003c\/p\u003e \u003cp\u003eImplementing an HTTP Server 21\u003c\/p\u003e \u003cp\u003eRoadmap for the Rest of This Book 27\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography 29\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Block Cipher Cryptography Algorithms 30\u003c\/p\u003e \u003cp\u003eImplementing the Data Encryption Standard (DES) Algorithm 31\u003c\/p\u003e \u003cp\u003eDES Initial Permutation 34\u003c\/p\u003e \u003cp\u003eDES Key Schedule 38\u003c\/p\u003e \u003cp\u003eDES Expansion Function 40\u003c\/p\u003e \u003cp\u003eDES Decryption 45\u003c\/p\u003e \u003cp\u003ePadding and Chaining in Block Cipher Algorithms 46\u003c\/p\u003e \u003cp\u003eUsing the Triple-DES Encryption Algorithm to Increase Key Length 55\u003c\/p\u003e \u003cp\u003eFaster Encryption with the Advanced Encryption Standard (AES) Algorithm 60\u003c\/p\u003e \u003cp\u003eAES Key Schedule Computation 60\u003c\/p\u003e \u003cp\u003eAES Encryption 67\u003c\/p\u003e \u003cp\u003eOther Block Cipher Algorithms 83\u003c\/p\u003e \u003cp\u003eUnderstanding Stream Cipher Algorithms 83\u003c\/p\u003e \u003cp\u003eUnderstanding and Implementing the RC4 Algorithm 84\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Converting a Block Cipher to a Stream Cipher: The OFB and COUNTER Block-Chaining Modes 90\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecure Key Exchange over an Insecure Medium with Public Key Cryptography 91\u003c\/p\u003e \u003cp\u003eUnderstanding the Theory Behind the RSA Algorithm 92\u003c\/p\u003e \u003cp\u003ePerforming Arbitrary Precision Binary Math to Implement Public-Key Cryptography 93\u003c\/p\u003e \u003cp\u003eImplementing Large-Number Addition 93\u003c\/p\u003e \u003cp\u003eImplementing Large-Number Subtraction 98\u003c\/p\u003e \u003cp\u003eImplementing Large-Number Multiplication 101\u003c\/p\u003e \u003cp\u003eImplementing Large-Number Division 106\u003c\/p\u003e \u003cp\u003eComparing Large Numbers 109\u003c\/p\u003e \u003cp\u003eOptimizing for Modulo Arithmetic 112\u003c\/p\u003e \u003cp\u003eUsing Modulus Operations to Efficiently Compute Discrete Logarithms in a Finite Field 113\u003c\/p\u003e \u003cp\u003eEncryption and Decryption with RSA 114\u003c\/p\u003e \u003cp\u003eEncrypting with RSA 115\u003c\/p\u003e \u003cp\u003eDecrypting with RSA 119\u003c\/p\u003e \u003cp\u003eEncrypting a Plaintext Message 120\u003c\/p\u003e \u003cp\u003eDecrypting an RSA-Encrypted Message 124\u003c\/p\u003e \u003cp\u003eTesting RSA Encryption and Decryption 126\u003c\/p\u003e \u003cp\u003eAchieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange 130\u003c\/p\u003e \u003cp\u003eGetting More Security per Key Bit: Elliptic Curve Cryptography 132\u003c\/p\u003e \u003cp\u003eHow Elliptic Curve Cryptography Relies on Modular Inversions 135\u003c\/p\u003e \u003cp\u003eUsing the Euclidean Algorithm to compute Greatest Common Denominators 135\u003c\/p\u003e \u003cp\u003eComputing Modular Inversions with the Extended Euclidean Algorithm 137\u003c\/p\u003e \u003cp\u003eAdding Negative Number Support to the Huge Number Library 138\u003c\/p\u003e \u003cp\u003eSupporting Negative Remainders 147\u003c\/p\u003e \u003cp\u003eMaking ECC Work with Whole Integers: Elliptic-Curve Cryptography over F\u003csub\u003ep\u003c\/sub\u003e 150\u003c\/p\u003e \u003cp\u003eReimplementing Diffie-Hellman to Use ECC Primitives 150\u003c\/p\u003e \u003cp\u003eWhy Elliptic-Curve Cryptography? 154\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Authenticating Communications Using Digital Signatures 157\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUsing Message Digests to Create Secure Document Surrogates 158\u003c\/p\u003e \u003cp\u003eImplementing the MD5 Digest Algorithm 159\u003c\/p\u003e \u003cp\u003eUnderstanding MD 5 160\u003c\/p\u003e \u003cp\u003eA Secure Hashing Example 161\u003c\/p\u003e \u003cp\u003eSecurely Hashing a Single Block of Data 166\u003c\/p\u003e \u003cp\u003eMD5 Vulnerabilities 169\u003c\/p\u003e \u003cp\u003eIncreasing Collision Resistance with the SHA- 1\u003c\/p\u003e \u003cp\u003eDigest Algorithm 171\u003c\/p\u003e \u003cp\u003eUnderstanding SHA-1 Block Computation 171\u003c\/p\u003e \u003cp\u003eUnderstanding the SHA-1 Input Processing Function 174\u003c\/p\u003e \u003cp\u003eUnderstanding SHA-1 Finalization 176\u003c\/p\u003e \u003cp\u003eEven More Collision Resistance with the SHA- 256\u003c\/p\u003e \u003cp\u003eDigest Algorithm 180\u003c\/p\u003e \u003cp\u003ePreventing Replay Attacks with the HMAC Keyed-Hash Algorithm 184\u003c\/p\u003e \u003cp\u003eImplementing a Secure HMAC Algorithm 186\u003c\/p\u003e \u003cp\u003eCompleting the HMAC Operation 190\u003c\/p\u003e \u003cp\u003eCreating Updateable Hash Functions 190\u003c\/p\u003e \u003cp\u003eDefining a Digest Structure 191\u003c\/p\u003e \u003cp\u003eAppending the Length to the Last Block 194\u003c\/p\u003e \u003cp\u003eComputing the MD5 Hash of an Entire File 196\u003c\/p\u003e \u003cp\u003eWhere Does All of This Fit into SSL? 200\u003c\/p\u003e \u003cp\u003eUnderstanding Digital Signature Algorithm (DSA) Signatures 201\u003c\/p\u003e \u003cp\u003eImplementing Sender-Side DSA Signature Generation 202\u003c\/p\u003e \u003cp\u003eImplementing Receiver-Side DSA Signature Verification 205\u003c\/p\u003e \u003cp\u003eHow to Make DSA Efficient 209\u003c\/p\u003e \u003cp\u003eGetting More Security per Bit: Elliptic Curve DSA 210\u003c\/p\u003e \u003cp\u003eRewriting the Elliptic-Curve Math Functions to Support Large Numbers 211\u003c\/p\u003e \u003cp\u003eImplementing ECDSA 215\u003c\/p\u003e \u003cp\u003eGenerating ECC Keypairs 218\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Creating a Network of Trust Using X.509 Certificates 221\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePutting It Together: The Secure Channel Protocol 222\u003c\/p\u003e \u003cp\u003eEncoding with ASN.1 225\u003c\/p\u003e \u003cp\u003eUnderstanding Signed Certificate Structure 225\u003c\/p\u003e \u003cp\u003eVersion 226\u003c\/p\u003e \u003cp\u003eserialNumber 227\u003c\/p\u003e \u003cp\u003esignature 227\u003c\/p\u003e \u003cp\u003eissuer 229\u003c\/p\u003e \u003cp\u003evalidity 232\u003c\/p\u003e \u003cp\u003esubject 233\u003c\/p\u003e \u003cp\u003esubjectPublicKeyInfo 235\u003c\/p\u003e \u003cp\u003eextensions 237\u003c\/p\u003e \u003cp\u003eSigned Certificates 238\u003c\/p\u003e \u003cp\u003eSummary of X.509 Certificates 241\u003c\/p\u003e \u003cp\u003eTransmitting Certificates with ASN.1 Distinguished Encoding Rules (DER) 241\u003c\/p\u003e \u003cp\u003eEncoded Values 241\u003c\/p\u003e \u003cp\u003eStrings and Dates 242\u003c\/p\u003e \u003cp\u003eBit Strings 243\u003c\/p\u003e \u003cp\u003eSequences and Sets: Grouping and Nesting ASN.1 Values 243\u003c\/p\u003e \u003cp\u003eASN.1 Explicit Tags 244\u003c\/p\u003e \u003cp\u003eA Real-World Certificate Example 244\u003c\/p\u003e \u003cp\u003eUsing OpenSSL to Generate an RSA KeyPair and Certificate 244\u003c\/p\u003e \u003cp\u003eUsing OpenSSL to Generate a DSA KeyPair and Certificate 251\u003c\/p\u003e \u003cp\u003eDeveloping an ASN.1 Parser 252\u003c\/p\u003e \u003cp\u003eConverting a Byte Stream into an ASN.1 Structure 252\u003c\/p\u003e \u003cp\u003eThe asn1parse Code in Action 259\u003c\/p\u003e \u003cp\u003eTurning a Parsed ASN.1 Structure into X.509 Certificate Components 264\u003c\/p\u003e \u003cp\u003eJoining the X.509 Components into a Completed X. 509 Certificate Structure 268\u003c\/p\u003e \u003cp\u003eParsing Object Identifiers (OIDs) 270\u003c\/p\u003e \u003cp\u003eParsing Distinguished Names 271\u003c\/p\u003e \u003cp\u003eParsing Certificate Extensions 275\u003c\/p\u003e \u003cp\u003eSignature Verification 279\u003c\/p\u003e \u003cp\u003eValidating PKCS #7-Formatted RSA Signatures 280\u003c\/p\u003e \u003cp\u003eVerifying a Self-Signed Certificate 281\u003c\/p\u003e \u003cp\u003eAdding DSA Support to the Certificate Parser 286\u003c\/p\u003e \u003cp\u003eManaging Certificates 292\u003c\/p\u003e \u003cp\u003eHow Authorities Handle Certificate Signing Requests (CSRs) 292\u003c\/p\u003e \u003cp\u003eCorrelating Public and Private Keys Using PKCS # 12\u003c\/p\u003e \u003cp\u003eFormatting 293\u003c\/p\u003e \u003cp\u003eBlacklisting Compromised Certificates Using Certificate Revocation Lists (CRLs) 294\u003c\/p\u003e \u003cp\u003eKeeping Certificate Blacklists Up-to-Date with the Online Certificate Status Protocol (OCSP) 295\u003c\/p\u003e \u003cp\u003eOther Problems with Certificates 296\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 A Usable, Secure Communications Protocol: Client-Side TLS 297\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing the TLS 1.0 Handshake (Client Perspective) 299\u003c\/p\u003e \u003cp\u003eAdding TLS Support to the HTTP Client 300\u003c\/p\u003e \u003cp\u003eUnderstanding the TLS Handshake Procedure 303\u003c\/p\u003e \u003cp\u003eTLS Client Hello 304\u003c\/p\u003e \u003cp\u003eTracking the Handshake State in the TLSParameters Structure 304\u003c\/p\u003e \u003cp\u003eDescribing Cipher Suites 308\u003c\/p\u003e \u003cp\u003eFlattening and Sending the Client Hello Structure 309\u003c\/p\u003e \u003cp\u003eTLS Server Hello 316\u003c\/p\u003e \u003cp\u003eAdding a Receive Loop 317\u003c\/p\u003e \u003cp\u003eSending Alerts 318\u003c\/p\u003e \u003cp\u003eParsing the Server Hello Structure 319\u003c\/p\u003e \u003cp\u003eReporting Server Alerts 323\u003c\/p\u003e \u003cp\u003eTLS Certificate 324\u003c\/p\u003e \u003cp\u003eTLS Server Hello Done 328\u003c\/p\u003e \u003cp\u003eTLS Client Key Exchange 329\u003c\/p\u003e \u003cp\u003eSharing Secrets Using TLS PRF (Pseudo-Random Function) 329\u003c\/p\u003e \u003cp\u003eCreating Reproducible, Unpredictable Symmetric Keys with Master Secret Computation 336\u003c\/p\u003e \u003cp\u003eRSA Key Exchange 337\u003c\/p\u003e \u003cp\u003eDiffie-Hellman Key Exchange 343\u003c\/p\u003e \u003cp\u003eTLS Change Cipher Spec 344\u003c\/p\u003e \u003cp\u003eTLS Finished 346\u003c\/p\u003e \u003cp\u003eComputing the Verify Message 347\u003c\/p\u003e \u003cp\u003eCorrectly Receiving the Finished Message 352\u003c\/p\u003e \u003cp\u003eSecure Data Transfer with TLS 353\u003c\/p\u003e \u003cp\u003eAssigning Sequence Numbers 353\u003c\/p\u003e \u003cp\u003eSupporting Outgoing Encryption 355\u003c\/p\u003e \u003cp\u003eAdding Support for Stream Ciphers 358\u003c\/p\u003e \u003cp\u003eUpdating Each Invocation of send_message 359\u003c\/p\u003e \u003cp\u003eDecrypting and Authenticating 361\u003c\/p\u003e \u003cp\u003eTLS Send 364\u003c\/p\u003e \u003cp\u003eTLS Receive 365\u003c\/p\u003e \u003cp\u003eImplementing TLS Shutdown 368\u003c\/p\u003e \u003cp\u003eExamining HTTPS End-to-end Examples (TLS 1.0) 369\u003c\/p\u003e \u003cp\u003eDissecting the Client Hello Request 370\u003c\/p\u003e \u003cp\u003eDissecting the Server Response Messages 372\u003c\/p\u003e \u003cp\u003eDissecting the Key Exchange Message 373\u003c\/p\u003e \u003cp\u003eDecrypting the Encrypted Exchange 374\u003c\/p\u003e \u003cp\u003eExchanging Application Data 377\u003c\/p\u003e \u003cp\u003eDifferences Between SSL 3.0 and TLS 1.0 378\u003c\/p\u003e \u003cp\u003eDifferences Between TLS 1.0 and TLS 1.1 379\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Adding Server-Side TLS 1.0 Support 381\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing the TLS 1.0 Handshake from the Server’s Perspective 381\u003c\/p\u003e \u003cp\u003eTLS Client Hello 387\u003c\/p\u003e \u003cp\u003eTLS Server Hello 390\u003c\/p\u003e \u003cp\u003eTLS Certificate 391\u003c\/p\u003e \u003cp\u003eTLS Server Hello Done 393\u003c\/p\u003e \u003cp\u003eTLS Client Key Exchange 394\u003c\/p\u003e \u003cp\u003eRSA Key Exchange and Private Key Location 395\u003c\/p\u003e \u003cp\u003eSupporting Encrypted Private Key Files 399\u003c\/p\u003e \u003cp\u003eChecking That Decryption was Successful 406\u003c\/p\u003e \u003cp\u003eCompleting the Key Exchange 407\u003c\/p\u003e \u003cp\u003eTLS Change Cipher Spec 409\u003c\/p\u003e \u003cp\u003eTLS Finished 409\u003c\/p\u003e \u003cp\u003eAvoiding Common Pitfalls When Adding HTTPS Support to a Server 411\u003c\/p\u003e \u003cp\u003eWhen a Browser Displays Errors: Browser Trust Issues 412\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Advanced SSL Topics 415\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePassing Additional Information with Client Hello Extensions 415\u003c\/p\u003e \u003cp\u003eSafely Reusing Key Material with Session Resumption 420\u003c\/p\u003e \u003cp\u003eAdding Session Resumption on the Client Side 421\u003c\/p\u003e \u003cp\u003eRequesting Session Resumption 422\u003c\/p\u003e \u003cp\u003eAdding Session Resumption Logic to the Client 422\u003c\/p\u003e \u003cp\u003eRestoring the Previous Session’s Master Secret 424\u003c\/p\u003e \u003cp\u003eTesting Session Resumption 425\u003c\/p\u003e \u003cp\u003eViewing a Resumed Session 427\u003c\/p\u003e \u003cp\u003eAdding Session Resumption on the Server Side 428\u003c\/p\u003e \u003cp\u003eAssigning a Unique Session ID to Each Session 429\u003c\/p\u003e \u003cp\u003eAdding Session ID Storage 429\u003c\/p\u003e \u003cp\u003eModifying parse_client_hello to Recognize Session Resumption Requests 433\u003c\/p\u003e \u003cp\u003eDrawbacks of This Implementation 435\u003c\/p\u003e \u003cp\u003eAvoiding Fixed Parameters with Ephemeral Key Exchange 436\u003c\/p\u003e \u003cp\u003eSupporting the TLS Server Key Exchange Message 437\u003c\/p\u003e \u003cp\u003eAuthenticating the Server Key Exchange Message 439\u003c\/p\u003e \u003cp\u003eExamining an Ephemeral Key Exchange Handshake 442\u003c\/p\u003e \u003cp\u003eVerifying Identity with Client Authentication 448\u003c\/p\u003e \u003cp\u003eSupporting the CertificateRequest Message 449\u003c\/p\u003e \u003cp\u003eAdding Certificate Request Parsing Capability for the Client 450\u003c\/p\u003e \u003cp\u003eHandling the Certificate Request 452\u003c\/p\u003e \u003cp\u003eSupporting the Certificate Verify Message 453\u003c\/p\u003e \u003cp\u003eRefactoring rsa_encrypt to Support Signing 453\u003c\/p\u003e \u003cp\u003eTesting Client Authentication 458\u003c\/p\u003e \u003cp\u003eViewing a Mutually-Authenticated TLS Handshake 460\u003c\/p\u003e \u003cp\u003eDealing with Legacy Implementations: Exportable Ciphers 463\u003c\/p\u003e \u003cp\u003eExport-Grade Key Calculation 463\u003c\/p\u003e \u003cp\u003eStep-up Cryptography 465\u003c\/p\u003e \u003cp\u003eDiscarding Key Material Through Session Renegotiation 465\u003c\/p\u003e \u003cp\u003eSupporting the Hello Request 466\u003c\/p\u003e \u003cp\u003eRenegotiation Pitfalls and the Client Hello Extension 0xFF01 468\u003c\/p\u003e \u003cp\u003eDefending Against the Renegotiation Attack 469\u003c\/p\u003e \u003cp\u003eImplementing Secure Renegotiation 471\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Adding TLS 1.2 Support to Your TLS Library 479\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSupporting TLS 1.2 When You Use RSA for the Key Exchange 479\u003c\/p\u003e \u003cp\u003eTLS 1.2 Modifications to the PRF 481\u003c\/p\u003e \u003cp\u003eTLS 1.2 Modifications to the Finished Messages Verify Data 483\u003c\/p\u003e \u003cp\u003eImpact to Diffie-Hellman Key Exchange 485\u003c\/p\u003e \u003cp\u003eParsing Signature Types 485\u003c\/p\u003e \u003cp\u003eAdding Support for AEAD Mode Ciphers 490\u003c\/p\u003e \u003cp\u003eMaximizing Throughput with Counter Mode 490\u003c\/p\u003e \u003cp\u003eReusing Existing Functionality for Secure Hashes with CBC-MAC 494\u003c\/p\u003e \u003cp\u003eCombining CTR and CBC-MAC into AES-CCM 496\u003c\/p\u003e \u003cp\u003eMaximizing MAC Throughput with Galois-Field Authentication 502\u003c\/p\u003e \u003cp\u003eCombining CTR and Galois-Field Authentication with AES-GCM 505\u003c\/p\u003e \u003cp\u003eAuthentication with Associated Data 510\u003c\/p\u003e \u003cp\u003eIncorporating AEAD Ciphers into TLS 1.2 517\u003c\/p\u003e \u003cp\u003eWorking ECC Extensions into the TLS Library 523\u003c\/p\u003e \u003cp\u003eECDSA Certificate Parsing 527\u003c\/p\u003e \u003cp\u003eECDHE Support in TLS 533\u003c\/p\u003e \u003cp\u003eECC Client Hello Extensions 540\u003c\/p\u003e \u003cp\u003eThe Current State of TLS 1.2 540\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Other Applications of SSL 543\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAdding the NTTPS Extension to the NTTP Algorithm 543\u003c\/p\u003e \u003cp\u003eImplementing “Multi-hop” SMTP over TLS and Protecting Email Content with S\/MIME 545\u003c\/p\u003e \u003cp\u003eUnderstanding the Email Model 545\u003c\/p\u003e \u003cp\u003eThe SSL\/TLS Design and Email 546\u003c\/p\u003e \u003cp\u003eMultipurpose Internet Mail Extensions (MIME) 547\u003c\/p\u003e \u003cp\u003eProtecting Email from Eavesdroppers with S\/MIME 549\u003c\/p\u003e \u003cp\u003eSecuring Email When There Are Multiple Recipients 550\u003c\/p\u003e \u003cp\u003eS\/MIME Certificate Management 552\u003c\/p\u003e \u003cp\u003eSecuring Datagram Traffic 552\u003c\/p\u003e \u003cp\u003eSecuring the Domain Name System 553\u003c\/p\u003e \u003cp\u003eUsing the DNS Protocol to Query the Database 555\u003c\/p\u003e \u003cp\u003eDisadvantages of the DNS Query 555\u003c\/p\u003e \u003cp\u003ePreventing DNS Cache Poisoning with DNSSEC 556\u003c\/p\u003e \u003cp\u003eTLS Without TCP — Datagram TLS 559\u003c\/p\u003e \u003cp\u003eSupporting SSL When Proxies Are Involved 560\u003c\/p\u003e \u003cp\u003ePossible Solutions to the Proxy Problem 560\u003c\/p\u003e \u003cp\u003eAdding Proxy Support Using Tunneling 561\u003c\/p\u003e \u003cp\u003eSSL with OpenSSL 564\u003c\/p\u003e \u003cp\u003eFinal Thoughts 566\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A Binary Representation of Integers: A Primer 567\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Decimal and Binary Numbering Systems 567\u003c\/p\u003e \u003cp\u003eUnderstanding Binary Logical Operations 568\u003c\/p\u003e \u003cp\u003eThe AND Operation 568\u003c\/p\u003e \u003cp\u003eThe OR Operation 569\u003c\/p\u003e \u003cp\u003eThe NOT Operation 569\u003c\/p\u003e \u003cp\u003eThe XOR Operation 569\u003c\/p\u003e \u003cp\u003ePosition Shifting of Binary Numbers 570\u003c\/p\u003e \u003cp\u003eTwo’s-Complement Representation of Negative Numbers 570\u003c\/p\u003e \u003cp\u003eBig-Endian versus Little-Endian Number Formats 571\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Installing TCPDump and OpenSSL 573\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInstalling TCPDump 573\u003c\/p\u003e \u003cp\u003eInstalling TCPDump on a Windows System 574\u003c\/p\u003e \u003cp\u003eInstalling TCPDump on a Linux System 575\u003c\/p\u003e \u003cp\u003eInstalling OpenSSL 575\u003c\/p\u003e \u003cp\u003eInstalling OpenSSL on a Windows System 575\u003c\/p\u003e \u003cp\u003eInstalling OpenSSL on a Linux system 577\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix C Understanding the Pitfalls of SSLv 2 579\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing the SSL Handshake 582\u003c\/p\u003e \u003cp\u003eSSL Client Hello 588\u003c\/p\u003e \u003cp\u003eSSL Server Hello 592\u003c\/p\u003e \u003cp\u003eSSL Client Master Key 600\u003c\/p\u003e \u003cp\u003eSSL Client Finished 607\u003c\/p\u003e \u003cp\u003eSSL Server Verify 612\u003c\/p\u003e \u003cp\u003eSSL Server Finished 616\u003c\/p\u003e \u003cp\u003eSSL send 617\u003c\/p\u003e \u003cp\u003eSSL recv 617\u003c\/p\u003e \u003cp\u003eExamining an HTTPS End-to-End Example 619\u003c\/p\u003e \u003cp\u003eViewing the TCPDump Output 619\u003c\/p\u003e \u003cp\u003eProblems with SSLv 2 626\u003c\/p\u003e \u003cp\u003eMan-in-the-Middle Attacks 626\u003c\/p\u003e \u003cp\u003eTruncation Attacks 626\u003c\/p\u003e \u003cp\u003eSame Key Used for Encryption and Authentication 626\u003c\/p\u003e \u003cp\u003eNo Extensions 627\u003c\/p\u003e \u003cp\u003eIndex 629\u003c\/p\u003e \u003cb\u003eJoshua Davies\u003c\/b\u003e is a principal architect for Travelocity.com, responsible for the architecture of the main Web site with a focus on networking and security. Previously, he designed distributed systems for AT\u0026amp;T, Digex, and the Mexican telecommunications giant Pegaso.  \u003cb\u003eLet's get down to a practical implementation of SSL and TLS\u003c\/b\u003e  \u003cp\u003eSSL\/TLS is a standardized, widely implemented, peer-reviewed protocol for applying cryptographic primitives to arbitrary networked communications. It provides privacy, integrity, and a measure of authenticity to otherwise inherently untrustworthy network connections.\u003c\/p\u003e \u003cp\u003eWhile most books detail the protocol, this one is intended to provide you with a nearly complete SSL\/TLS library, developed incrementally using C code. Whether or not you have a working knowledgeof cryptography, you'll find this practical guide helps you understand the internals of these libraries so that, when it comes time to use one, you will have a firm understanding of what takes place at each stage.\u003c\/p\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eUnderstand secure sockets and the HTTP protocol\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eLearn to protect against eavesdroppers with symmetric cryptography\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eSecure key exchanges over an insecure medium with public key cryptography and boost security with elliptic curve cryptography\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eExamine the use of digital signatures and X.509 certificates\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eDevelop a usable, secure communications protocol with client-side TLS\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eAdd server-side TLS 1.0 support\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eUse SSL in advanced situations, including safely reusing key material with sessionresumption and verifying identity with client authentication\u003c\/p\u003e \u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eGo to www.wiley.com\/go\/implementingssl to find code and other features related to this book\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989407678693,"sku":"NP9780470920411","price":63.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470920411.jpg?v=1761783986","url":"https:\/\/k12savings.com\/es\/products\/implementing-ssl-tls-using-cryptography-and-pki-isbn-9780470920411","provider":"K12savings","version":"1.0","type":"link"}