"If you have struggled with OpenSSL and the supplied documentation then you will regret the amount of time that you have wasted before finding this book. If you are planning to use OpenSSL then you need to buy a copy - it's essential reading. What is more surprising is that even if you don't plan to use OpenSSL, then downloading it and trying out the examples in the book could be the education in practical cryptography you really need. What more can I say of any book, other than that I certainly won't be lending it to anyone else? It's going to remain firmly chained to my bookshelf for the foreseeable future - and no, you can't borrow it." - Mike James, VSJ, October 2003

a good introduction and a useful reference guide.

This volume is designed to enable developers to use The OpenSSL library more effectively. It offers guidance on avoiding pitfalls, while taking advantage of the library's advanced features and provides the information necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. System and network administrator should benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up certification authority. Developer should benefit from the in-depth discussions and examples of how to use OpenSSL in their own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included.

This volume is designed to enable developers to use The OpenSSL library more effectively. It offers guidance on avoiding pitfalls, while taking advantage of the library's advanced features and provides the information necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. System and network administrator should benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up certification authority. Developer should benefit from the in-depth discussions and examples of how to use OpenSSL in their own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included.

John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus, on source and assembly level debugging techniques, and operating system concepts.

Pravir Chandra, Research Scientist at Secure Software Solutions, is an expert in language-level security. Most recently, he co-authored the DARPA-funded "catscan" tool for static security analysis of C source code. Pravir holds a B.S. in Computer Science from Case Western Reserve University, and wants you to know that Cleveland rocks!

2002-07-16 If only I'd had this book six months ago!

This is the book I needed when I started developing code using OpenSSL. As it was, I struggled through using the ropey
on-line docs, combing the web for examples, and reading the source code for the "openssl" utility to try and work out how
to use it.

When trying to come to grips with the OpenSSL toolkit, I searched in vain for something that provides a
simple explanation of how everything fits together. I've now come to the conclusion that there's no such thing as a simple
explanation - the subject is big enough that you just have to learn quite a lot before you can use it. But, this book comes
as close as I think you could hope for.

If you're using OpenSSL, you *need* this book, it's got information on cryptography, the OpenSSL API, the toolkit,
as well as candid comments about its strengths and weaknesses.

The book doesn't cover the SSL protocol: if you need that then I'd recommend the book "SSL and TLS Essentials" by Stephen
Thomas, which complements this book well, as it goes into a lot of detail on the protocol without any information at all about
the programming side.