The recent reporting of critical crypto bug better known as ‘Heart bleed’ has made Open SSL popular once again, although for a wrong reason this time, but nevertheless this free license project involving SSL and TLS continues to be favorite technology for the web developer fraternity. This universal license secure socket layer and latest transport layer security is a primary cryptographic library, protocol tool used to render communication security over the web. Most of the core library of this application has been written in C programming, which gives a unique adaptability aspect for debugging and correctional patches.
The Open SSL is a default encryption facility for Apache, nginx and likes. This application is currently facilitating efficient operations of more than two thirds of web portals. The biggest advantage of this SSL (v2/v3) / TLS (v1) implementation is that it is highly portable and can easily fit into the scheme of things in a wide array of OS environments and applications like the Debian Wheezy, Ubuntu, CENTOS, Fedora, Open BSD, Free BSD, and Open SUSE distributions of Linux.
This implementation is currently planning launch, of a latest updated version 1.0.2 which was launched on February 21 2014. The developers also chipped in a minor upgrade, VER 1.0.1g on April 7, 2014. Since the first release of 0.9.1 on 23rd December, 1998, numerous versions have been released almost every year. The future releases were christened as 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7. And 0.9.8.
VER 1.0.0. was released on March, 2010
The VER 1.0.1 was launched with substantial improvements, and enhancements including
- RFC 6520 TLS/DTLS heartbeat and SCTP assistance
- RFC 5705 TLS key material exporter
- RFC 5764 DTLS-SRTP negotiation
- Next Protocol Negotiation and penetration
- PSS signatures in certificates, requests and CRLs
- Support for password based recipient info for CMS
- Support TLS v1.2 and TLS v1.1.
- Preliminary FIPS capability for raw 2.0 FIPS module.
- SRP support.
This implementation, has been envisaged as a gigantic project, and it has actually been materialized with help of synergy of expertise on a worldwide scale. The project today has developed into a powerful and a sturdy general purpose cryptography library, and open source toolkit that is fully featured, equipped and is highly adaptable to commercial viability aspect. There are several professionals working on this project across the world who are constantly in touch with each other, and are continuously working to keep this implementation functioning smoothly. Although, recent event of bug reporting has exposed, the vulnerabilities of this implementation, but the Open SSL team is working on it to find a suitable patch to rectify this serious security issue.
The most amazing fact about this implementation is, that this project has a very meager budget of only $ 1 million annually. What started as an endeavor to facilitate encryption of websites and user data across the Web has turned out to be the most important tool of internet security and it is being currently used by global internet giants like Google, Facebook and Dropbox, etc. for online communications.
The advantage offered by this application lies in use of asymmetric cryptography certification process (X.509 certificates). This process helps the people to communicate safely with others and exchange the symmetric key. Both the keys generate a session key which facilitates free flow of encrypted data between the two nodes (people communicating with each other). The process greatly enhances the confidentiality factor, and also allows an easy transfer of authentication codes for sustaining the secrecy and authenticity of messages. Several versions of these tools are being used by internet users for browsing, sending emails, Internet faxes, instant messages, and voice-over-IP (VoIP), etc…
The Open SSL uses a wide array of symmetric and asymmetric cryptographic algorithms including
Cipher suites – The encryption algorithm, put to use in SSL/TLS porting, is penetrated during the handshake. The client transfers valid cipher suites to the server. The server selects the most suitable.
A cipher suite is an ordered list of elements which illustrate the algorithms, to be used for authentication, key exchange, bulk encryption and cryptographic digest. AES is one of primary elements of this algorithm
- AES – The Advanced Encryption Standard is the standard specification, for encryption of electronic data as defined by National Institutes of standards and technology, USA. It has been written and designed on principle of substitution-permutation network, and it works effectively in both software and hardware.
- Other elements of ciphers include Camellia cipher suites from RFC4132, extending TLS v1.0
- SEED cipher suites from RFC4162, extending TLS v1.0
- GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0
- Additional Export 1024 and other cipher suites
- Elliptic curve cipher suites.
- TLS v1.2 cipher suites
- Pre shared keying (PSK) cipher suites
- Deprecated SSL v2.0 cipher suites.
Cryptographic hash functions
MD5, MD4, MD2, SHA-1, SHA-2, RIPEMD-160, MDC-2, GOST R 34.11-94
RSA, DSA, Diffie–Hellman key exchange, Elliptic curve, GOST R 34.10-2001
This free source secure socket layer arrangement is a dual license facility, i.e. Open SSL license and SSLeay License. Although, both of the licenses are available to the users and developers, but the open source licensing is preferred over SS Leay.