Subj : Re: documents for openssl To : comp.programming From : mwojcik Date : Tue Oct 11 2005 08:55 pm In article <1128934221.915156.183080@z14g2000cwz.googlegroups.com>, "realm520@gmail.com" writes: > i begin to learn openssl ,who can give me some links of online > tutorials. > the documents on www.openssl.org is not good enough. I don't know of any better ones online than those at openssl.org (or linked to from there). I will say, however, that OpenSSL is not simple; that communications programming is not simple; and that cryptography and secure communications are very definitely not simple. Trying to learn them on the cheap is a recipe for a fatally insecure application. Unless you're already familiar with the cryptographic technology used in OpenSSL, the security features it attempts to provide, and communications programming in general, you probably need to take a class or read some books (or preferably both). Some classes are quite good (I've had good experiences with Learning Tree for subjects in this general area), but they're not cheap. For books, try Eric Rescorla's _SSL and TLS_: a bit dry, and not specific to OpenSSL, but it covers concepts you must understand to use OpenSSL correctly. The O'Reilly OpenSSL book, by John Viega et al, is supposed to be good, though I haven't read it yet myself. For that matter, some of the chapters in the Howard/LeBlanc/Viega _19 Deadly Sins of Software Security_ discuss SSL and related concepts, and since SSL has only two uses - security and the pretense of security - it's another work that any developer using OpenSSL should have. -- Michael Wojcik michael.wojcik@microfocus.com Memory, I realize, can be an unreliable thing; often it is heavily coloured by the circumstances in which one remembers, and no doubt this applies to certain of the recollections I have gathered here. -- Kazuo Ishiguro .