Implementing SSL/TLS Using Cryptography and PKI

Joshua Davies

Mentioned 1

In the style of Richard Steven's “TCP/IP Illustrated, Vol. 2” and Maurice Bach's “The Design of the Unix Operating System”, this book will present, along with explanatory text, a complete C-language implementation of SSLv2, TLS 1.0 and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, and certificate parsing and generation. Topics covered: HTTP, HTTPS and HTTP proxy support (including how HTTP proxies interact with SSL) Symmetric cryptography, including DES, 3DES, AES and RC4, along with CBC, OFB, COUNTER and AEAD Public-key cryptography including RSA, Diffie-Hellman key exchange and Elliptic-curve cryptography Digital signature algorithms including RSA, DSA, ECDSA, SHA-1, MD5 and HMAC X.509 Certificates and ASN.1 SSLv2, TLS1.0 (client, server, and extensions), and TLS 1.2

More on

Mentioned in questions and answers.

I am currently trying to implement a tls handshake into a http proxy that I am writing. I know that I could use OpenSSL to do the work for me but I am interested in writing it myself.

I am currently working through the TLS RFC and am confused about how to parse the ClientHello message, particularly the fact that it may or may not have a session ID and that there seems to be a no count on the number of ciphersuites or compression methods.

Does anyone know the best way of doing this?

Take a look at THIS INCREDIBLE BOOK. I had to implement the TLS 1.2 for an embedded system without using any GPL software and this was enormously helpful.