Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Demystifying Cryptography with OpenSSL 3.0

You're reading from   Demystifying Cryptography with OpenSSL 3.0 Discover the best techniques to enhance your network security with OpenSSL 3.0

Arrow left icon
Product type Paperback
Published in Oct 2022
Publisher Packt
ISBN-13 9781800560345
Length 342 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Alexei Khlebnikov Alexei Khlebnikov
Author Profile Icon Alexei Khlebnikov
Alexei Khlebnikov
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1: Introduction
2. Chapter 1: OpenSSL and Other SSL/TLS Libraries FREE CHAPTER 3. Part 2: Symmetric Cryptography
4. Chapter 2: Symmetric Encryption and Decryption 5. Chapter 3: Message Digests 6. Chapter 4: MAC and HMAC 7. Chapter 5: Derivation of an Encryption Key from a Password 8. Part 3: Asymmetric Cryptography and Certificates
9. Chapter 6: Asymmetric Encryption and Decryption 10. Chapter 7: Digital Signatures and Their Verification 11. Chapter 8: X.509 Certificates and PKI 12. Part 4: TLS Connections and Secure Communication
13. Chapter 9: Establishing TLS Connections and Sending Data over Them 14. Chapter 10: Using X.509 Certificates in TLS 15. Chapter 11: Special Usages of TLS 16. Part 5: Running a Mini-CA
17. Chapter 12: Running a Mini-CA 18. Index 19. Other Books You May Enjoy

What’s new in OpenSSL 3.0?

One major change in OpenSSL 3.0 is its license. A software project does not change its license very often during its lifetime. The OpenSSL project used its BSD-style open source license until version 3.0. Since version 3.0, it uses Apache License 2.0.

OpenSSL 3.0 is a release with big changes in the internal architecture of the library. The architectural changes are not finished and will be continued in OpenSSL 4.0. The concept of OpenSSL operation implementation providers was introduced. A provider is a unit of code that provides the implementation of cryptographic algorithms. The existing OpenSSL cryptography code will mostly be available via Default and Legacy providers. Engines are still supported in OpenSSL 3.0 but have been deprecated in favor of providers. Support for ENGINE API may be removed in OpenSSL 4.0. There is also support for third-party providers that allow independent developers to plug their cryptographic algorithms into OpenSSL.

Another interesting feature of OpenSSL 3.0 is Kernel TLS (KTLS). When using KTLS, an application can create a special TLS socket, similar to a TCP socket. OpenSSL then performs a TLS handshake and hands the negotiated encryption key and other data to the operating system kernel in the form of TLS socket options. Then, the actual data transmission in the TLS protocol is handled by the KTLS code. Such TLS offloading to the kernel can speed up data transmission on high-load systems where performance is important, especially when the kernel can use hardware acceleration for Advanced Encryption Standard (AES) and thus offload the main CPU. Of course, KTLS support is needed both in the TLS library and in the operating system kernel. At the time of writing, only the Linux and FreeBSD kernels support KTLS.

Some other notable changes in OpenSSL 3.0 include the following:

  • Support for the Certificate Management Protocol.
  • A simple HTTP/HTTPS client.
  • Advanced Encryption Standard Galois/Counter Mode with Synthetic Initialization Vector (AES-GCM-SIV) encryption.
  • New Message Authentication Code (MAC) algorithms, such as GMAC and KMAC.
  • New Key Derivation Function (KDF) algorithms, such as SSKDF and SSHKDF.
  • New high-level APIs, such as EVP_MAC, EVP_KDF, and EVP_RAND.
  • Low-level APIs deprecated in favor of newer higher-level APIs.
  • Code cleanup.
  • Error handling reworked.
  • Old insecure algorithms are no longer available at the default security level.
  • Interactive mode has been removed from the openssl command-line tool.

OpenSSL is a solid mature software toolkit, so the most important features are already implemented in it. As a result, the latest changes don’t contain that much new functionality for a lot of users. The latest release focuses on architectural improvements to the library.

While OpenSSL is the most popular crypto/TLS library, it’s not the only one. We’ll compare OpenSSL to its competitors in the following sections.

You have been reading a chapter from
Demystifying Cryptography with OpenSSL 3.0
Published in: Oct 2022
Publisher: Packt
ISBN-13: 9781800560345
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image