Rustam Rakhimov wrote: > Thank for your advises Ger. > So. I'm student, and my major is cryptography. I'm master student and my > faculty name is cryptography and cryptoanalysis. Now I want learn SSL for > create some kind of system. I have some programming skills. > Ok - if you've already got the background in crypto protocols, you should read the RFC on SSL/TLS, and learn how the basic mechanism works, before starting in on any code. Although most of the Math/Crypto programs that I know teach about SSL during your undergrad, as it IS one of the most widely used protocols.
> Now I want learn more about OpenSSL. How I can create module, and may be > there some manual about programming in OpenSSL. I have book "Network > Security with OpenSSL", now I'm on reading process. if you have some another > books or information, please help me. > The O'Reilly book is a good start, and then learn from the mistakes of others - read the SSL code in projects such as mod_ssl, stunnel, and WvStreams. Reading those projects will help you avoid the mistakes of others, and help you implement the SSL/TLS handshaking process correctly using the OpenSSL API. And then, if you really want to delve into the guts and start adding new ciphers and engines, start off by writing the cipher code in straight C, and get that working, and then work on learning the structure of the OpenSSL codebase. And for that, the only way is to spend A LOT of time in front of an editor, tracing in your head how the various calls all chain together, and work. And for it to make any sense, you WILL have to know your crypto fairly well - especially the X.509/RFC5280 stuff, and knowing ASN.1 will probably help you out a lot too, because without the knowledge of the encodings, you WILL be lost. I'll second the "it can take up to 5 years, and you'll still learn a better way to do things" - but, especially if you are ever planning on integrating this work of yours into a commercial project, please do it "correctly" - i.e.: follow all of the relevant standards and conventions as closely as possible, or else you're just going to make life miserable for guys like me :) Have fun. --- Patrick Patterson Chief PKI Architect Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
