OpenSSL is a great open-source toolkit that I have been using in implementing a prototype for COCA. The value of OpenSSL is far beyond  an implementation of SSL and TLS. For example, COCA utilizes functions provided by OpenSSL at many different layers:

• COCA employs OpenSSL for setting up SSL connections between two servers to transfer confidential information. COCA also relies on OpenSSL functions for handling keys and certificates.

• COCA uses cryptographic functions, such as message digest and digital signatures, implemented by OpenSSL, for maintaining message integrity. 

• COCA builds new cryptographic module, such as secret sharing, threshold cryptography, verifiable secret sharing, and proactive secret sharing, based on the big number library provided by OpenSSL.

• COCA implements message marshaling and un-marshaling on top of OpenSSL ASN.1 utilities.

One shortcoming of OpenSSL is its lack of documentation, although the situation is gradually improving. The following are some of the web sites that provide useful information on OpenSSL and on related issues. 

• The Official OpenSSL Web Page

This is where you can download OpenSSL. FAQ is also a good place to start. The web page also contains an incomplete but growing documentation section. The mailing lists (especially openssl-users and openssl-dev) contain a ton of useful information on OpenSSL internals and applications, although finding what you want might not be trivial. 

• Dr Stephen N Henson's Home Page

This is the homepage of a core member of the OpenSSL development team. There are answers to some interoperability questions.

• SSLeay documentation by Ariel T. Glenn

A quite extensive (but not complete) documentation of SSLeay, the predecessor of OpenSSL. Most of the documentation still applies, but be aware of the changes.

• Introducing SSL and Certificates using SSLeay by Frederick J. Hirsch

An introduction of SSL and related concepts with examples using SSLeay.

• Introduction of SSL from Netscape

An introduction on how SSL works.

• Information on SSLeay

SSLeay is the origin of OpenSSL.

• PKCS Standards

Public key cryptography standards provide specifications that should be conformed by public key cryptography implementations (e.g., OpenSSL).

• X.509

A great practical guide on X.509.

Last Updated on December 27, 2001. Please send your comments to ldzhou@cs.cornell.edu.