Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the de facto standard for encrypting and authenticating web traffic end to end wherever that traffic is deemed worth protecting. This specifically includes credit card purchases and bank sites, but it may also cover any site that asks for a password or handles personal information. SSL and TLS use public key encryption.
The most recent draft of the SSL 3.0 specification was published by Netscape in November 1996. Its intent was to be a “security protocol that provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.” The stated goals were cryptographic security, interoperability, extensibility, and relative efficiency.
Interoperability was a goal so that independently written applications that follow the standard could be expected to work with one another. Interoperability, it was noted, does not mean that two programs will always be able to connect: one might lack the algorithm support or the credentials that the other requires for the connection.
Extensibility was described as providing “a framework into which new public key and bulk encryption methods can be incorporated as necessary.” This was noted as a way to avoid having to design an entirely new security protocol should a weakness be found in one of the current encryption methods.
SSL 3.0 was the basis for the TLS 1.0 specification (RFC 2246), published by the Internet Engineering Task Force (IETF) in 1999. The TLS 1.0 specification described itself as similar to, but not backwards compatible with, SSL 3.0. It did include a mechanism for falling back to SSL 3.0 when TLS was not available.
The IETF made some small changes and clarifications and published RFC 4346 in 2006, describing TLS 1.1. There is currently a working draft for TLS 1.2 (RFC Draft 4346), which expires in September 2007.
SSL is a layered protocol. It sits above a reliable transport layer, such as TCP, and below an application layer. SSL is not dependent on TCP/IP, however, and it can be placed beneath other application protocols. It takes the application data to be sent, fragments it into manageable blocks, optionally compresses each block, applies a Message Authentication Code (MAC) to it, encrypts it, and then transmits the result. When data is received, the reverse process occurs: the data is decrypted, the MAC is verified, and the block is decompressed and reassembled before being delivered to the application layer.

The SSL protocol consists of two major layers: the SSL Handshake Protocol and the SSL Record Protocol. In addition, there are two other elements: the SSL Change Cipher Spec Protocol and the SSL Alert Protocol. The Handshake Protocol and these two components are responsible for setting up SSL communication and managing its security parameters. The SSL Record Protocol is the lowest layer of the SSL protocol stack, and all the other parts, including application data, operate on top of it.
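As an added illustration (not code from the original page or from OpenSSL), the record-layer pipeline just described, simulated in Python: a 16 KiB fragment limit, optional zlib compression, an HMAC over the sequence number and record header, and MAC-then-encrypt on send, with the reverse steps on receive. The bulk cipher is a constructed HMAC-SHA256 counter-mode stand-in rather than a real SSL cipher suite, and the receiver rejects any record whose MAC fails to verify, which is how a modified or reordered record is detected.

```python
import hmac, hashlib, struct, zlib

MAX_FRAGMENT = 2 ** 14     # record-layer fragment limit: 16 KiB
APPLICATION_DATA = 23      # content type for application data
VERSION = b"\x03\x01"      # TLS 1.0 version bytes on the wire

def _keystream(key: bytes, seq: int, n: int) -> bytes:
    """Constructed stand-in for a bulk cipher: HMAC-SHA256 in counter mode."""
    out = b""
    for i in range(-(-n // 32)):
        out += hmac.new(key, struct.pack(">QI", seq, i), hashlib.sha256).digest()
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _mac(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    # MAC binds the sequence number and record header to the fragment
    header = struct.pack(">QB2sH", seq, APPLICATION_DATA, VERSION, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def send_records(data: bytes, mac_key: bytes, enc_key: bytes, compress=False):
    """Fragment -> (compress) -> MAC -> encrypt -> add header; one record per fragment."""
    records = []
    for seq, start in enumerate(range(0, len(data), MAX_FRAGMENT)):
        frag = data[start:start + MAX_FRAGMENT]
        if compress:
            frag = zlib.compress(frag)
        body = frag + _mac(mac_key, seq, frag)                # MAC-then-encrypt
        cipher = _xor(body, _keystream(enc_key, seq, len(body)))
        records.append(struct.pack(">B2sH", APPLICATION_DATA, VERSION, len(cipher)) + cipher)
    return records

def receive_records(records, mac_key: bytes, enc_key: bytes, compress=False) -> bytes:
    """Reverse path: parse header -> decrypt -> verify MAC -> (decompress) -> reassemble."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, version, length = struct.unpack(">B2sH", rec[:5])
        if ctype != APPLICATION_DATA or version != VERSION or length != len(rec) - 5:
            raise ValueError("bad record header on record %d" % seq)
        body = _xor(rec[5:], _keystream(enc_key, seq, length))
        frag, tag = body[:-32], body[-32:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, frag)):
            raise ValueError("MAC check failed on record %d" % seq)  # tampered or reordered
        out += zlib.decompress(frag) if compress else frag
    return out
```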
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers who use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes, subject to some simple license conditions.
This OpenSSL-SDK is based on the OpenSSL 0.9.8h documents.
OpenSSL is an excellent network security Software Development Toolkit; much software uses it as its security base and includes it. Our Deva xFTP software also includes it as its secure communication mechanism.
Because the OpenSSL project has not supplied a comprehensive development SDK, and there is no index or search function on the OpenSSL project web site, we edited this OpenSSL Development SDK while using OpenSSL to develop software. To help other developers use OpenSSL conveniently, we have uploaded this document to our web site, http://www.miscosoftware.com. Everyone can download it from this site for free.
Copyright © 2009 Miscosoftware, Inc. All rights reserved.