This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:


This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.


Copyright © 2002 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or

Book review: SSL and TLS: designing and building secure systems

Diomidis Spinellis
Athens University of Economics and Business

Rescorla, Eric
SSL and TLS: designing and building secure systems
Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2001
499 pp. ISBN 0-201-61598-3

The Secure Sockets Layer (SSL) is, according to the book's author, the most widely deployed security protocol in the world. It forms part of most commercial Web browsers and servers, where it is used to protect the millions of Web e-business transactions taking place all over the world. SSL encompasses the security aspects of confidentiality, message integrity, and endpoint authentication (the non-repudiation of a data exchange is notably not covered by SSL). The SSL cryptographic building blocks are simple: encryption renders data unreadable to those who do not have access to the appropriate key, message digests convert messages into a fixed-length string with a low probability of collisions, and public-key cryptography is used to overcome problems related to key distribution. As is often the case, the devil is in the details. Rescorla lucidly explains the functional and non-functional properties of the concrete algorithms used in practice to implement the various cryptographic primitives, and, based on them, constructs a toy security protocol. Moving from the toy protocol to its realisation in SSL, Rescorla guides us through the protocol's design goals, history, and current practice.

SSL was originally designed by Netscape to secure transactions in the Web environment. It sits between the network's transport layer (almost always TCP) and applications, securing each application's network communications by providing an application programming interface consciously modelled after the Berkeley socket interface. The original SSLv2 release of the protocol was followed by Microsoft's PCT offering and the widely deployed SSLv3 version, which provided security enhancements, an authentication-only mode, and additional options for handshaking and the handling of certificate chains. SSLv3 was then modified and officially standardised by the Internet Engineering Task Force (IETF) as the Transport Layer Security (TLS) standard, which was in turn extended by the WAP forum to provide wireless support in the form of WTLS. The author's participation in the relevant standardisation bodies allows him to create a coherent historical picture out of a convoluted evolution path.

By far the greatest strength of the book is its clear explanations of the SSL protocol. Rescorla uses a custom-crafted software tool to create annotated dumps of actual SSL exchanges. He uses those to explain handshaking, key derivation, and advanced aspects such as client authentication (most exchanges only authenticate the server), Kerberos, and Fortezza implementations.

Security is a process, not a product. Rescorla, having implemented a complete SSL suite, uses his experience to outline common security pitfalls and ways to guard against known attacks. SSL is known to impose a heavy performance load on servers. The author's experience comes into play here again, providing a number of tips for enhancing the throughput and reducing the latency of SSL implementations. Particularly useful are tables where specific performance characteristics of various cryptographic algorithms are compared against each other in real-life situations.

Separate book chapters cover design and coding issues, as well as the specific techniques related to running the HTTP and SMTP protocols over SSL. The book ends with a well-balanced discussion of other approaches to network security: IPSec, secure HTTP, and S/MIME. Appendix sections contain example code based on the free OpenSSL and PureTLS toolkits and an overview of the (thankfully deprecated) SSLv2. The text is judiciously supported by references, which are provided in annotated form as a bibliography, and a comprehensive index.

The book provides essential guidance to anyone wishing to design or implement SSL or TLS-based artefacts. While some explanations are occasionally opaque and the section outline sometimes confusing, the book is on the whole very readable and can be used both as a tutorial guide to SSL and as a reference. It forms an essential offering to the practice of network security.