  /* Send the request and show the response over the established TLS session */
  http_get( client_connection, path, host, ssl );
  display_result( client_connection, ssl );

  /* Release the OpenSSL context once the session is no longer needed */
  SSL_CTX_free( ctx );

  if ( close( client_connection ) == -1 )
  {
    perror( "Error closing client connection" );
    return 2;
  }

  return 3;
}
You should have no trouble understanding the OpenSSL library after reading through the rest of this topic; in fact, the source code itself should begin to make a lot of sense to you as well.
Final Thoughts
Of course, the challenge is to implement TLS securely; it's not enough to just use TLS. You must ensure that no sensitive information is leaked, that the random number generator is properly seeded, and that private keys remain private, hidden behind secure passphrases. I can't count how many times I've seen a perfectly secure implementation rendered useless by a plaintext configuration file, containing the private key passphrase, checked into the source code control system.
The only advice I can offer here is to look at your application as an attacker might. An attacker always goes for the weakest part of your defense, so the part that you've focused the most effort on securing is most likely of the least interest to a smart attacker.
Finally, though, accept that security is ultimately a trade-off. They say that no home security system can keep out a determined intruder. The same is true of software security. You must balance security with usability. As long as that trade-off is made deliberately, conscientiously, and collaboratively, with proper documentation, you've struck a decent balance; with any luck, malicious intruders will move past your system for lower-hanging fruit.