Topic: OpenSSL Cookbook 2nd Edition Released :: Free ebook

[Steffen]

Ivan (well known as original author of mod_security and SSL Labs) has updated his OpenSSL Cookbook ebook. With lots more content: private CA creation, secure server assessment, etc..

OpenSSL Cookbook is a free ebook built around two OpenSSL chapters from Bulletproof SSL and TLS, a larger work that teaches how to deploy secure servers and web applications. For the Bulletproof SSL and TLS book, see www.apachelounge.com/viewtopic.php?t=6139


https://community.qualys.com/blogs/securitylabs/2015/03/03/openssl-cookbook-2nd-edition-released

See also the free books Apache Security & ModSecurity :
www.apachelounge.com/viewtopic.php?t=6431


Really good books from Ivan. If you use SSL (and you should), read it! It contains you need to know/understand deploying SSL/TLS to secure servers and web applications. It is a comprehensive coverage of the ever-changing field of SSL/TLS.

Here’s a brief overview of what’s new:

New chapter Testing with OpenSSL, which focuses on secure server assessment.

New section Recommended Configuration, which contains a list of recommended cipher suites. I now prefer to configure OpenSSL by explicitly listing all the suites I wish to enable.

New section Creating a Private Certification Authority, which contains a step-by-step guide to creating and deploying a private CA. Updated SSL/TLS Deployment Best Practices to v1.4.

Important changes in this version include SHA1 deprecation and SSL 3 weaknesses (POODLE).


Steffen