Implementing SSL / TLS Using Cryptography and PKI
M**E
Excellent tutorial and reference on TLS.
As a networking professional, I've long known of many SSL and TLS terms and concepts, but had little idea of how these all fit together. This was the perfect book for me. The book does a nice job of laying out each of the capabilities that TLS needs to do its job, explains terms, and gets into the details of how things work. Davies includes all of the C code to implement TLS, so if the text is ever unclear you can refer to the code to understand exactly what he means. His writing is good enough that I rarely had to do this. If you are interested in cryptographic theory, the math of why an encryption algorithm works the way it does, this is not the book for you. Otherwise, this is an excellent primer and reference on all the key concepts on TLS. I'm hopeful Davies will publish a revised edition when TLS 1.3 is finalized in the next year or two.
A**R
Although some were good, they never effectively pulled the whole story together
This book is truly outstanding. SSL/TLS is a complex subject and requires a lot of reading. As this book effectively describes, SSL/TLS has evolved over the last 2 decades from many different encryption technologies published by several standards committees. There is not a lot of technical cohesion between these committees, making understanding even more complex. I have read several books on cryptography and SSL/TLS over the years. Although some were good, they never effectively pulled the whole story together. This book covers all of the gaps and puts together the complete picture. The code examples provided are numerous and highly explanatory. This book is a must read for any programmer/architect who needs to go beyond the standard sockets/OpenSSL HTTPS programming. Read this book and you will know more about the implementation of cryptography, PKI, and TLS than many so-called "experts". I wish I had found this book a couple of years ago!
A**R
Must read if you want to understand SSL and learn how to use OpenSSL
This book is for S/W engineers or students who want to learn SSL and/or use OpenSSL to integrate SSL into their apps. That OpenSSL book (Network Security with OpenSSL) doesn't work. It cannot even explain OpenSSL APIs well enough, not to mention SSL. I mean, that book tells you to call API foo() first and then bar() next. But it doesn't tell you why. Given so many complicated data structures and APIs involved, you'd be stuck immediately if you want to do something not covered in the book. But this book shows you all the real world details about SSL, and how to implement an SSL library. The structure of those SSL APIs implemented is similar to OpenSSL. Concepts involved are the same. From this book, you can learn how those concepts and algorithms are pieced together. That's why you'll know how to use OpenSSL after reading this book. I find the notes on some SSL history across the book are also very useful. These facts are hard to find, and usually not mentioned in formal documents. It helps you understand why SSL works like this today. Salute to the author!
R**A
Bad code, bad explanations.
I bought this book based on its high reviews and I was shocked at just how awful it is. Yes, it's comprehensive and thick so that's probably why people liked it. But the author seems to use code instead of (not complementary to) good English-language explanations. And that would be okay if the code itself weren't utterly unreadable trash. There's pointless macros all over the place, obfuscated pointer arithmetic that the author picked up for some micro-optimization that hasn't been used in actual compilers in years, massive dumps of hexadecimal and define statements in programs that simply don't need it. The guy writes C like a self-taught Perl hacker in the late 90s. And most of it is completely irrelevant anyway since he loves to implement side details on his own rather than use common library functions for seemingly no reason at all. Just get to the algorithm already! I don't care how you personally would parse the URI out of a string, I care about the details of SSL security. I love the idea of using code as a learning modality, but this author simply didn't know how to do so. He doesn't know how to write code for readability and isn't talented at writing English prose. It's way more of a chore to get through than it needs to be.
R**G
The perfect "by programmers, for programmers" book
This book explains a very complex topic (SSL) in a clear, step-by-step fashion. As well as examining the cryptographic protocols themselves, the author explains the background reasons and history behind their design. He isn't afraid to get into the complex details, but he always stays focused on what's important: designing and implementing SSL. When explaining elliptic curve cryptography, for example, he briefly summarizes the esoteric maths that underlie it - enough to whet your appetite, if you're interested in that kind of thing - but then concentrates on how to actually implement ECC in code. The author's writing style is friendly, informal and very readable. Even the grammar is near-flawless. The author provides clear, well-thought-out sample code for everything - right there in the book. No having to download code from a broken link!
R**H
Simply great ...
I was forced to deal with a TLS system at work (not really my thing) and the book was invaluable in figuring out how things are supposed to work. This is hard stuff and the combination of theory, explanations and code gives you plenty of levels to approach it. This is one of those rare books that should be on your shelf as a reference.
B**E
Great SSL/TLS Reference
This book helped fill in missing information about how to create and manage SSL certificates. I would recommend this book for anyone who is establishing and managing a local Certificate Authority.
A**R
Great in-depth TLS description and explanation
TLS has a lot of different parts and it is hard to grasp them all. This book really helped me to understand how TLS is working in detail. It is recommended to anyone who wants to understand how TLS is implemented. What I lacked was performance discussion, and newer modes like the hardware-optimized AES-GCM.
H**P
essential reading for anyone implementing cybersecurity
Anyone interested in negotiating the maze of encryption, certificates and SSL/TLS should get this book. It is the 1st book that deep dives into the why rather than just the how. The book comes with a C implementation of the majority of the discussions, however this can be skipped if you are not interested in rolling your own. However it does provide considerable overview of what is going on under the hood. Despite dealing with cybersecurity for a little while, I learned so much from this book. A must on anyone's bookshelf.
K**S
Information Security professional and Delphi-PHP programmer
The best book in cryptography ever. Not only has the author gathered all the fundamental information but he also included the majority - I could even say all - of the countless details and information that take part in the different cryptography schemes and policies. He provides good and clear code as well as the appropriate knowledge for the reader to understand it. The author's research saves the reader from wasting time going back and forward between RFCs and thousands of badly written cryptographic documentation, while leading him - through structured procedures - to correct suggestions and conclusions. If only all the Computer-Science writers were following Joshua's example when writing their books, it would save me years of wasted time and I would probably know much more than I already know.
M**T
Relevant and well explained
If you want to use and properly understand the mainstream cryptographic tools and algorithms, this book explains them well and in as much depth as you'd like. Only if you want to design new algorithms, look at the more mathematical books.
A**R
Great book full of details
This must be one of the best works on SSL TLS ever. Lots of code and gory detail that all developers will love.
V**.
A must for any professional TLS related developer
This book is not only an excellent template for developing your own system for secured communication but also an incredible introduction into the basics of cryptography in the volume minimally sufficient for understanding SSL and TLS. If your challenge is one of the following, this is the book for you:
1. Deep understanding in the shortest possible time of how secured communication and networks of trust work
2. Development of your own or extending an existing implementation of SSL/TLS, e.g. for an embedded system or any other where you cannot, don't want or may not use existing open source and commercial solutions
3. Development of protocol, network or similar analyzers
4. Security audits of the network traffic
5. Development of test software which should emulate a "controlled incorrect" behavior of one of the communication partners
This list is of course not complete and can be continued. The only small weakness which should be fixed by the author is the matter that the proposed TLS 1.2 has intentionally adopted some bugs of the version of GnuTLS that was current at the time of publication. This was one of the very few, if not the only, publicly available implementations of TLS 1.2. This was done to make the sources in the book testable against those of the reader utilizing TLS 1.2 in GnuTLS. The latter were fixed a long time ago but the downloadable sources for the book are not modified. So the implementation of the PRF for TLS 1.2 in the book must be double checked before using.