SSL and TLS: Designing and Building Secure Systems

However, this book is very good at providing insight, working examples (I typed them in and compiled them myself (atleast the C ones using openssl)), and implementation details so that a developer can secure the network application layer of their program using a robust, standard/open protocol.

I can't vouch for the completeness or accuracy as it relates to other SSL implementations, but it helped me understand how to easily and quickly incorporate SSL/TLS (using openssl) into my applications.

The book also provides many, many tips and techniques in how to incorporate SSL the right way, the secure way. Understanding the details provided by this book, helped me measure the amount of risk and exposure so I could further gauge what was acceptable for my application.

At the end of the day, if you need to use SSL/TLS in your application you won't be disappointed by this book. If you are looking for ways to build and design secure network systems, this book is too heavily focused on the aspects of crypto to cover that topic well, and you would be better served by other books. 5 stars for what it covers well.

Rating:
Summary: Protocol details and and a complete examination
Review: Much of the information presented allows an understanding of the protocol, and not just the way it is used. The book gives the reader a wide overview of all the topics, and explains the ideas behind it. The books also includes code, which allows the programmer to quickly and easily use the protocol for the system being developed. The best book on SSL I've seen.

Rating:
Summary: if you're doing SSL development, you need this
Review: simply put there is no finer book on the subject. this is to SSL and TLS what TCP/IP illustrated is to Ip networking.

you wont learn much about crytography here (you'll definitely want a book on that, too), but you will learn the nuances of how SSL and TLS work. this is, to the best of my knowledge, the first such attempt at this kind of handbook. and i find it succeeds very well. rescorla's attention to detail shows in everything, and that's exatcly what a book like this needs.

reccomended ...

Rating:
Summary: Thoroughly impressed
Review: The definitive reference on SSL and TLS. If you rely on SSL/TLS, need a way to secure communications channels of some system, or are just curious about the protocol, this is the book for you. The author has a very clear and down-to-earth writing style that makes the technical material easy to follow, and the diagrams and protocol traces help make the workings of the protocol more concrete. As a result, it is easier to follow, and gives more practical details, than the RFCs. This one is staying on my shelf.

Rating:
Summary: Little more than a manual
Review: This book gives a very poor guide to the context of SSL/TSL such that there is effectively no security guide to help orient the reader. Perhaps the author is not good at teaching. It reads rather like a manual, which is what it is IMO, except that it is not quite as formal. Perhaps the book could have redeemed itself if it were a little more engaging than a dead fish, perhaps a few red-herrings to keep us going. I was very disappointed. I expect books to be more than just manuals.

All in all this book may be useful only to SSL implementors with an already excellent understanding of security/encryption. There is nothing else here, in my opinion. If you don't intend to write your own SSL implementation, or your understanding of encryption/security is weak, then don't buy this book.

What was I looking for : I wanted to take the next step in understanding security/encryption after reading the original PGP security guide. In other words this is an outsiders perspective.

Rating:
Summary: I could have bought a printed RFC!
Review: This book is definitely not deep going. It is just a crippled reprint of the RFC. I bought this book to get a better understanding of Record Layer / and transfered data, but this book does not show a complete dump to picturize this. The book uses dumps of SSLDump a program by the author, based on OpenSSL.
I found three errors as well, differences to the RFC2246, these errors in VERY important parts of the book (In one paragraph the author says that the length in the record header is 3 bytes, at another he says 2 bytes; at one position the order of parameters is A B C, at another point the order is A C B). How can a user implementing SSL be sure which way to take? With no real byte dump this is quite worthless. And sorry, i won't download SSLdump, install a c compiler, get openssl and configure everything just to use the authors SSLdump to get a full dump, if this is possible with the program, i don't know.
My suggestions: Find a book with a full byte dump of SSL records, not just the important parts, stick to the RFC, the RFC tells you more about SSL, written in the same way.
Sorry.

Rating:
Summary: Great reference book
Review: This is a great book. Well written, good diagrams, very good overview as well as detailed data dump of the protocol. I highly recommend.

Rating:
Summary: Everything about SSL/TLS from top to bottom
Review: This is perhaps the best technical book I have ever read.
It explains SSL/TLS all the way from the overall concepts
down to the raw bytes, and everything in between. It is
written very clearly and readably. When I was making my
company's products use SSL/TLS, it was invaluable. I
could not recommend it more highly.

Rating:
Summary: Everything about SSL/TLS from top to bottom
Review: This is perhaps the best technical book I have ever read.
It explains SSL/TLS all the way from the overall concepts
down to the raw bytes, and everything in between. It is
written very clearly and readably. When I was making my
company's products use SSL/TLS, it was invaluable. I
could not recommend it more highly.