《SSL与TLS理论与实践》第二版详解

需积分: 18 32 浏览量更新于2024-07-19 1 收藏 2.44MB PDF 举报

《SSL与TLS理论与实践（第二版）》是一本由Rolf Oppliger编写的专著，它属于Artech House信息安全与隐私系列的一部分。该书详细探讨了Secure Sockets Layer (SSL)和Transport Layer Security (TLS)这两种核心的网络安全协议，这些协议在现代互联网通信中扮演着至关重要的角色，确保了数据传输的安全性和完整性。 SSL和TLS是用于加密网络通信的协议，最初由Netscape公司开发并发布于1994年，主要用于保护网站间的交互，如在线购物、银行交易等敏感信息的传输。SSL在2006年被TLS（Transport Layer Security）取代，但SSL的名字仍然被广泛使用，尤其是在旧系统中。书中内容涵盖了SSL/TLS的工作原理，包括它们如何在客户端和服务器之间建立安全连接，通过密钥交换、数字证书、握手协议等关键机制确保数据在传输过程中不被窃听或篡改。此外，作者还会深入解析证书管理、加密算法（如RSA、AES）、协议版本演进（如SSL 3.0、TLS 1.0至1.3）以及其在不同应用场景下的最佳实践。对于任何从事IT行业，特别是网络安全领域的专业人士来说，理解SSL和TLS的理论基础和实际应用至关重要。本书不仅适合于网络安全研究人员、开发人员和审计师，也适合对网络通信安全感兴趣的个人学习者。由于版权原因，未经许可，任何形式的复制或利用都必须得到出版商的书面授权。通过阅读这本书，读者可以掌握如何设计、实现和维护安全的SSL/TLS连接，以及如何处理可能遇到的各种安全问题和挑战。此外，随着网络威胁的不断演变，理解这些协议的最新发展和潜在漏洞防范策略，有助于保持网络安全的前沿知识。《SSL与TLS理论与实践（第二版）》是一本全面且实用的指南，帮助读者深入了解这两项协议的精髓，并将其应用于实际工作场景中，确保网络通信的可靠性和安全性。

Preface xv

knowledge to properly understand them—you still have to capture and read them.

In the case of OpenSSL, for example, you may use [5] or Chapter 11 of [3] as a

reference. Keep in mind, though, that, due to Heartbleed, the reputation of OpenSSL

is discussed controversially in the community. In the case of another library or de-

velopment environment, you have to read the original documentation.

In addition to cryptography, this book also assumes some basic familiarity

with the TCP/IP protocols and their working principles. Again, this assumption

is reasonable, because anybody not familar with TCP/IP is well-advised to ﬁrst

get in touch and try to comprehend TCP/IP networking, before moving on to the

SSL/TLS protocols—only trying to understand SSL/TLS is not likely to be fruitful.

Readers unfamiliar with TCP/IP networking can consult one of the many books

about TCP/IP. Among these books, I particularly recommend the classic books of

Richard Stevens [6] and Douglas Comer [7], but there are many other (or rather

complementary) books available.

To properly understand the current status of the SSL/TLS protocols, it is useful

to be familiar with the Internet standardization process. Again, this process is likely

to be explained in a book on TCP/IP networking. It is also explained in RFC 2026 [8]

and updated on a web page hosted by the Internet Engineering Task Force (IETF).

For each protocol speciﬁed in an RFC document, we are going to say whether it

has been submitted to the Internet standards track or speciﬁed for experimental or

informational use. This distinction is important and highly relevant in practice.

When we discuss the practical use of the SSL/TLS protocols, it is quite

helpful to visualize things with a network protocol analyzer, such as Wireshark

or any other software tool that provides a similar functionality. Wireshark is a

freely available open-source software tool. With regard to SSL/TLS, it is sufﬁciently

complete, meaning that it can be used to analyze SSL/TLS-based data exchanges.

We don’t reproduce screenshots in this book, mainly because the graphical user

interfaces (GUIs) of tools like Wireshark are highly nonlinear,and the corresponding

screenshots are difﬁcult to read and interpret if only single screenshots are available.

When we use Wireshark output, we provide it in textual form. This is visually less

stimulating, but generally more appropriate and therefore more useful in practice.

SSL/TLS: Theory and Practice, Second Edition, is organized and structured in

seven chapters, described as follows.

• Chapter 1, Introduction, prepares the ground for the topic of this book and pro-

vides the fundamentals and basic principles that are necessary to understand

the SSL/TLS protocols properly.

17 https://www.ietf.org/about/standards-process.html.

18 http://www.wireshark.org.

xvi

• Chapter 2, SSL Protocol, introduces, overviews, and puts into perspective the

SSL protocol.

• Chapter 3, TLS Protocol, does the same for the TLS protocol. Unlike Chapter

2, it does not start from scratch but focuses on the main differences between

the SSL and the various versions of the TLS protocol.

• Chapter 4, DTLS Protocol, elaborates on the DTLS protocol, which is basi-

cally a UDP version of the TLS protocol. Again, the chapter mainly focuses

on the differences between the SSL/TLS protocols and the DTLS protocol.

• Chapter 5, Firewall Traversal, addresses the practically relevant and nontrivial

problem of how the SSL/TLS protocols can (securely) traverse a ﬁrewall.

• Chapter 6, Public Key Certiﬁcates and Internet Public Key Infrastructure

(PKI), elaborates on the management of public key certiﬁcates used for

the SSL/TLS protocols, for example, as part of an Internet PKI. This is a

comprehensive topic that deserves a book of its own. Because the security of

the SSL/TLS (and DTLS) protocols depends on and is deeply interlinked with

the public key certiﬁcates in use, we have to say a little bit more than what is

usually found in introductory texts about this topic. We have to look behind

the scenes to understand what is going on.

• Chapter 7, Concluding Remarks, rounds off the book.

In addition, the book includes Appendix A, which summarizes the registered

TLS cipher suites; Appendix B, a primer on padding oracle attacks; Appendix C, a

list of abbreviations and acronyms; my biography; and an index.

At various places, the book refers to common vulnerabilities and exposures

(CVEs). This refers to a common enumeration scheme for publicly known problems

that should make it easier to share data across separate vulnerability capabilities

(e.g., tools, repositories, and services). For a representative repository for CVEs that

is widely used in the ﬁeld, please see https://cve.mitre.org.

Referring to the introductory quote of Albert Einstein, it is sometimes im-

portant to make a clear distinction between what is available in theory and what

is achievable in practice. The second edition of this book makes this distinction

more clear. While the ﬁrst edition mainly focuses on the theoretical security of the

SSL/TLS protocols, the second edition delves more deeply into the practically ori-

ented security considerations as exempliﬁed by the many attacks and attack tools

mentioned above. In theory, they are a minor concern, because they can be easily

mitigated. In practice, however, they are a major concern, because the mitigation is

not always done or done properly. This simpliﬁes an adversary’s job considerably.

剩余300页未读，继续阅读

「已注销」

粉丝: 6
资源: 74

《SSL与TLS理论与实践》第二版详解

SSL and TLS Essentials - Securing the Web.pdf

Bulletproof SSL and TLS

SSL协议详解.pdf

not an SSL/TLS record

GnuTLS: The TLS connection was non-properly terminated. Unable to establish SSL connection.

ssl与tls pdf下载

configure: error: *** No SSL/TLS library not found.

最新资源