Secure Coding mailing list archives
Secure programming with the OpenSSL API, Part 2: Secure handshake
From: "Kenneth R. van Wyk" <Ken () krvw com>
Date: Wed, 11 May 2005 13:33:52 +0100
FYI, there's a new(ish) article by Kenneth Ballard out on IBM's developerWorks site, on the topic of secure use of OpenSSL. It's actually part 2 in a series, but there's a pointer there to part 1 also. The abstract follows, along with the URL to the full article: Securing the handshake during a Secure Sockets Layer session (SSL) is vital, since almost all of the security involving the connection is set up inside the handshake. Learn how to secure the SSL handshake against a man in the middle (MITM) attack -- in which the intruding party masquerades as another, trusted source. This article also introduces the concept of digital certificates and how the OpenSSL API handles them. http://www-128.ibm.com/developerworks/linux/library/l-openssl2.html?ca=dgr-lnxw02SecureHandshake Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com
Current thread:
- Secure programming with the OpenSSL API, Part 2: Secure handshake Kenneth R. van Wyk (May 11)