SSL and TLS: Designing and Building Secure Systems

This books covers everything you want to know about SSL/TLS and specific about SSL/TLS. For anyone who ever looking for more resources on SSL and only found the RFC and spec this is the book you would love to see ... It provides enough cryptogrphic topics details enough to understand the protocol yet not making you bored to sleep. The layout of each chapter also seperated to be overview and detail oriented so you can pick whatever appropriate for you. Covers varieties topics such as SSL application(other than HTTP), SSL history (where the confusions come from), SSL performance measurement (with real data comparison), real SSL trace, code example (best part for programmers !), good reference, .... and so on. Only thing it doesn't cover is to show you how to break SSL (it does cover the known attack, the damage, and the countermeasures, though). Recommend to anyone who is planning, implementing or want to know more about SSL.

Rating:
Summary: An Approachable, Thorough Treatment of TLS/SSL
Review: Although RFC 2246 is superbly written, this book organizes the presentation into a highly digestible format. The attention paid to the details in the protocol, right down to the byte level, are very helpful. The performance data provided is an excellent resource during the software design phase. Anyone developing or deploying TLS/SSL-based solutions will benefit from this book.

Rating:
Summary: Five stars from a designer of SSL
Review: As one of the three co-designers of SSL v3, I highly recommend this book -- it's the best book I've seen on SSL/TLS. Eric knows the protocol inside and out and does an excellent job of explaining both the practice and theory of SSL and TLS. The book also includes includes lots of practical information that isn't in the spec about how things are actually done and does a great job explaining the underlying cryptography and security.

Rating:
Summary: The book on SSL/TLS I was waiting for.
Review: Before this book came along documentation about SSL was fragmentary. You had to learn about SSL from old Netscape draft standards documents, notes, examples, RFCs, existing code, etc. I wished for just such a book as this one. All the essential up-to-date information in one place. I bought it shortly after publication and it exceeded all my expectations. Thorough, clear introduction to the subject of SSL for programmers. The author also provides interesting background material, such as how TLS evolved from pre-existing protocols. The book is very readable and I practically read it from start to finish which is unusual for a technical book. If someone asked me to recommend a book I would suggest this one. And now I am waiting for the book on X.509.

Rating:
Summary: User-friendly demystification
Review: Here is an author who not only knows his subject, but also knows how to communicate principles and practice by the just-in-time principle. No doubt there are other books which cover the territory in a workmanlike way. I have no exposure to any of them, but I am pleased with this choice. The introductory chapters alone were enough to convey the information I needed for a quick start. The details in the following chapters are clearly presented and explained. I particularly like the closing chapters of the book which compare and contrast SSL and TLS with other secure transports - great contextual stuff which I keep at my fingertips so that I can feign wisdom at the drop of a hat.

Rating:
Summary: Great book
Review: I agree with the other reviewers that this is a great book. It's written in such a way that it's useful for readers that intend to use SSL at different levels. For example, there are places that tell you can skip ahead to the next chapter unless you are actually implementing SSL. I also really liked the initial chapter about the general security concepts involved in SSL. It was something I didn't know a lot about and it was very well explained.

Rating:
Summary: This is simply an excellent book
Review: I am already 2/3 through the book and I have learnt a lot from it. The author knows the subject, and it shows. The explation is clear, and the writting is very accessible. If you are interested in security and encryption, then this is one of the best books you can buy.

Rating:
Summary: Truly excellent book.
Review: I was basically hoping for an SSL appendix to Stevens's TCP/IP Illustrated and was not at all disappointed. Rescorla makes excellent use of chronological network traces and has written an SSL equivalent to tcpdump to help illustrate what's going on. This makes for clear explainations, and a steep but none the less thoroughly attainable learning curve.

One word I noticed being used a whole lot was 'why'. Rescorla goes to some lengths to explain the why's of network security, and uses simple concepts to illustrate these.

It also presents a fairly precise history of the whole SSL thing from an entirely neutral political standpoint. He gives credit where it is due - even to Microsoft who, as it turns out, were trying to do the right thing all along. The neutrality also shows when Rescorla goes to lengths to point out potential conflicts of interest when the story involves him, personally.

All in all, if you couldn't tell, I'm very impressed. This is a complex topic, perhaps *the* complex topic and it is handled in a controlled manner. You'll need to be reasonably au fait with TCP/IP and internet protocols in general, but from that point on you're in safe hands.