SSL & TLS Essentials: Securing the Web

By the way, there is some mistake in the book.

Page 48, Figure 3.3: The 'pending read state' is not copied to 'actual read state' upon receiving a change cipher spec(message number 6) from the client. Fortunately, it is correct in page Page 50, Table 3.6, step 6.

Rating:
Summary: Good programmers SSL/TLS reference
Review: Anyone who has ordered a book from Amazon.com or made a stock trade via an online broker has used SSL, or Secure Socket Layer. SSL, created by Netscape for managing the security of transmissions on the Internet, is a method of encrypting sensitive data. The "socket" part of the term refers to the sockets network transmission method of passing data back and forth between a client and a server program on a network. SSL is ubiquitous; it is an essential part of every browser shipped today.

SSL and TLS (Transport Layer Security) are essentially the same protocol. While SSL was originally designed by Netscape, the company has since offered SSL as a proposed standard protocol to the World Wide Web Consortium and the Internet Engineering Task Force, and it has since been renamed TLS.

SSL and TLS Essentials provides a thorough look into the inner workings of SSL. The book assumes a basic understanding of cryptography and gets right into the nitty-gritty of SSL functionality. The book is designed for those who need an in-depth and comprehensive look at the inner workings and mechanics of SSL, such as system administrators of e-commerce systems or SSL programmers.

This review of mine originally appears at http://www.securitymanagement.com/library/000934.html

Rating:
Summary: Good overview, no samples, little HTTP detail, poor dev supp
Review: I got this book to enable SSL support for a custom built web server and web proxy. There are no SSL conversation samples in this book, although conversations are documented and the details are described. There is also very little help for HTTP-specific scenarios (everyone knows HTTP is the biggest user of SSL), especially HTTP proxy servers, documenting any gotchas and how-tos. I'm having a heck of a time getting my proxy server written in Java to facilitate communications between the web server and the web client--one is sending an unexpected EOF and killing the conversation, and I don't know why. The client handshakes and recieves a certificate, but fails to reconnect and handshake again while using the newly recieved certificate. This book doesn't help me in this matter at all. If it's documented in here, it's buried in too much text, blabbering, and descriptions, and is not properly indexed or diagramed, etc. I've spent days trying to get past this road block, and this book was my last hope, but unfortunately didn't provide much hope at all.

This book would be best accompanied with a code samples guide.

Rating:
Summary: Good overview, no samples, little HTTP detail, poor dev supp
Review: I got this book to enable SSL support for a custom built web server and web proxy. There are no SSL conversation samples in this book, although conversations are documented and the details are described. There is also very little help for HTTP-specific scenarios (everyone knows HTTP is the biggest user of SSL), especially HTTP proxy servers, documenting any gotchas and how-tos. I'm having a heck of a time getting my proxy server written in Java to facilitate communications between the web server and the web client--one is sending an unexpected EOF and killing the conversation, and I don't know why. The client handshakes and recieves a certificate, but fails to reconnect and handshake again while using the newly recieved certificate. This book doesn't help me in this matter at all. If it's documented in here, it's buried in too much text, blabbering, and descriptions, and is not properly indexed or diagramed, etc. I've spent days trying to get past this road block, and this book was my last hope, but unfortunately didn't provide much hope at all.

This book would be best accompanied with a code samples guide.

Rating:
Summary: Good book on SSL
Review: I thought this book gives a very good intro to SSL as well as getting in depth. It's organized in four parts the first being a high level overview. Each part gets more in depth until the fourth part where you actually see some of the bytes being sent across the wire. This is the only book on SSL that I've been able to find. It does not go in depth on the cryptography side, but if you need to know how the protocol works, it's a great reference. I've been working with SSL libraries for over a year and this book offered a great explanation. I've recommended it to coworkers as an intro to the technology and they've come up to speed very quickly.

Rating:
Summary: Great book for anyone who want to Use SSL & TLS
Review: I'm new in Network programming and I'm very interested in
Internet programming so, i wanted to start with some internet protocols like HTTP <I have got this one too called"HTTP Essentials: Protocols for Secure, Scaleable Web Sites
by Stephen Thomas "> if u r interested you should go ahead and buy this book

Rating:
Summary: Great book for anyone who want to Use SSL & TLS
Review: I'm new in Network programming and I'm very interested in
Internet programming so, i wanted to start with some internet protocols like HTTP by Stephen Thomas "> if u r interested you should go ahead and buy this book

Rating:
Summary: Excellent book for fundamentals of SSL
Review: It has been an eye-opener for me in understanding the concepts of SSL. A must read book for people to get a head start with SSL.

Rating:
Summary: Excellent book on SSL
Review: This is currently the only book available on the subject, and fortunately it may the only one you will need !

Not only does it explain the SSL protocol thoroughly but also contains invaluable sections of the X.509 certificate and ASN.1

The parts I found most useful were the discussion of the differences between TLS 1.0 and SSL 3.0, and the discussion of international step-up certificates.

Rating:
Summary: Excellent book on SSL
Review: This is currently the only book available on the subject, and fortunately it may the only one you will need !

Not only does it explain the SSL protocol thoroughly but also contains invaluable sections of the X.509 certificate and ASN.1

The parts I found most useful were the discussion of the differences between TLS 1.0 and SSL 3.0, and the discussion of international step-up certificates.