[openssl-users] [ANNOUNCE] OpenSSL Cookbook 2nd Edition released

Ivan Ristic ivan.ristic at gmail.com
Tue Mar 3 19:14:50 UTC 2015

Today I'm releasing the second edition of OpenSSL Cookbook, my free
OpenSSL book. This edition is a major update, with improvements to the
existing text as well as new content. This new edition has about 95
pages, which is an increase of about 35 pages comparing to the previous

Get it here: https://www.feistyduck.com/books/openssl-cookbook/

Here’s a brief overview of what’s new:

- New chapter "Testing with OpenSSL", which focuses on secure server

- New section "Recommended Configuration", which contains a list of
recommended cipher suites. I now prefer to configure OpenSSL by
explicitly listing all the suites I wish to enable.

- New section "Creating a Private Certification Authority", which
contains a step-by-step guide to creating and deploying a private CA.

- Updated "SSL/TLS Deployment Best Practices" to v1.4. Important changes
in this version include SHA1 deprecation and SSL v3 weaknesses (POODLE).

Another important improvement is that I am switching from updating
OpenSSL Cookbook once in a while (the previous edition was released in
October 2013) to making small changes as the need arises. There still
might be further editions, but only when and if new content is added.

OpenSSL Cookbook draws from the content written for my bigger work,
Bulletproof SSL and TLS. If you’re looking for a complete guide to the
world of SSL/TLS and Internet PKI, give this bigger book a try.

That said, the main goals of OpenSSL Cookbook are to be useful, short,
and contain documentation for everything you might want to do with
OpenSSL as a user (i.e., no programming). If you’re looking for
something and you can’t find it in this book, please get in touch to
propose improvements.



More information about the openssl-users mailing list