SSL is Secure Sockets Layer, the most common security protocol used in networks around the world. TLS is Transport Layer Security, its more modern counterpart. Although its primary use is securing Web traffic, SSL (along with TLS) is suitable for and widely used to secure other services, including LDAP (directory access) and e-mail. Securing all this traffic has highlighted sophisticated security problems and their solutions, and so a thorough understanding of SSL and TLS is essential for the construction of secure systems.
SSL and TLS: Designing and Building Secure Systems offers clear and comprehensive descriptions of these security protocols and their implementation, and also provides "designs"--tried and true templates that suit various scenarios. Armed with this book, you can become well versed in the importance of SSL and TLS, be able to work with them to provide solutions, and furthermore identify an appropriate tested "design" that will solve the security problems of a proposed new network installation.
The book starts with an excellent summary of cryptography, and clarifies what the threat to security is. The next five chapters introduce and elucidate SSL itself, in detail but with great care to carry even the neophyte along, keeping comprehension high. Diagrams and examples are plentiful. The author provides information about how to obtain free tools, including his own helpful "ssldump" which significantly aids the person who wishes to learn how to use, interpret, program and plan implementation of this protocol.
Though SSL and TLS is aimed at the professional who expects to be in constant use of network equipment, this book can be used as a good introduction to security issues confronting computer users, even if you never plan to touch a coax cable. --Wilf Hey
Secure Sockets Layer (SSL) is used in virtually every commercial web browser and server. In this book, one of the world's leading network security experts explains how SSL works -- and gives implementers step-by-step guidance and proven design patterns for building secure systems with SSL. Eric Rescorla also provides the first in-depth introduction to Transport Layer Security (TLS), the highly anticipated, maximum-security successor to SSL. Rescorla starts by introducing SSL's fundamentals: how it works, and the threats it is intended to address. One step at a time, he addresses each key SSL concept and technique, including cryptography, SSL performance optimization, designing and coding, and how to work around SSL's limitations. Rescorla demonstrates TLS at work in SMTP-based Internet security applications. The book includes detailed examples of SSL/TLS implementations, with in-depth insight into the key design choices that informed them. For all network and security designers, enterprise developers, system implementers, and suppliers of Internet security products and services.