OpenSSL Cookbook is a free ebook based around one chapter of my in-progress book Bulletproof SSL/TLS and PKI. The appendix contains the SSL/TLS Deployment Best Practices document (re-published with permission from Qualys). In total, there are about 50 pages of text that cover the OpenSSL essentials, starting with installation, then key and certificate management, and finally cipher suite configuration.
The first version of OpenSSL Cookbook was published in May, but now, five months after that release, I’ve released version 1.1. The changes in this version are as follows:
- Updated SSL/TLS Deployment Best Practices to v1.3. This version brings several significant changes: 1) RC4 is deprecated, 2) the BEAST attack is considered mitigated server-side, 3) Forward Secrecy has been promoted to its own category. There are many other smaller improvements throughout.
- Reworked the cipher suite configuration example to add Forward Secrecy as a requirement, making the example more useful in practice.
- Increased coverage of different key types with a discussion of ECDSA keys. Explained when each type is appropriate.
- Added new text to explain how to generate DSA and ECDSA keys.
- Explained the challenge password used when generating Certificate Signing Requests.
- Marked cipher suite configuration keywords that were introduced only in the OpenSSL 1.x branch. This makes it easier to use the text for reference purposes if you’re still running the older OpenSSL 0.9.x version.
You can get your copy from here.