OpenSSL - Franklin University

OpenSSL
By: Nicholas Van Pelt
Franklin University
ITEC-400

What is SSL/TLS?

SSL and TLS are security protocols

Help manage authentication and encryption

Establish an encrypted link between a server and a client, typically a web server

Utilize PKI and digital certificates for the “handshake”

Utilize shared key technology for the remainder of the exchange

HTTPS == HTTP protocol over SSL/TLS

TLS is considered the successor of SSL and is widely implemented, but many still use SSL as a general term referring to one or both

What is OpenSSL?

OpenSSL is an open source tool for using the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols

Development started in 1998, currently on version 1.0.2g (stable).

OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit

Toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and noncommercial purposes subject to some simple license conditions.

OpenSSL is written in C

Estimated 66% of all web servers use OpenSSL



Added Benefits of OpenSSL

Free to use (https://www.openssl.org/source/)

Highly configurable

Includes a command line utility that can be used to perform a variety of cryptographic functions, including:
    Generation of RSA private keys
    Certificate Signing Requests (CSRs)
    Checksums
    Managing certificates
    Encryption/decryption
    Encoding

Wrappers allow OpenSSL to be used from languages other than C

Open source generally means better security and quicker development

Well Known Vulnerabilities

Heartbleed – 2014
    Fixed with version 1.0.1g
    Estimated to affect at least half a million secure web servers on the Internet
    Exploited the TLS heartbeat extension to leak server memory in 64KB chunks
    Leaked data allows attackers to eavesdrop on communications and steal data

For a more comprehensive list of known vulnerabilities, visit https://www.openssl.org/news/vulnerabilities.html
That’s All Folks
Thank You