Printable View
I have heard the rumors that the new version of an OpenSSL is better to use in order to get the best security vulnerabilities. Though I have never used any version of an OpenSSL but I am looking forward to use them now so I better know everything about it. Can you guys help me to know all the new things that are added in the new version of an OpenSSL and which version is the best one to use? I am running Windows XP on my machine.
Aftera decade of development, the project finally goes OpenSSL milestone of version 1.0. This open source implementation of the encryption protocol TLS / SSL is recognized for its technical level. This new version, considered major by its creators, provides a range of new features . Thus, OpenSSL now has a new hash algorithm, Whirlpool, which is free of law and represents an alternative to MD5 and SHA-1. The Russian Gost algorithm has also been incorporated. Moreover, developers have renewed the API public key management and changed the format for storing private keys.
One feature that many users are often unaware of the presence of the OpenSSL toolkit in FreeBSD. OpenSSL provides a transport layer data encrypted over the communication layer, allowing it to be linked to many services and applications network. Applications of OpenSSL can be encrypted authentication of mail clients, transactions via the Web as payment by credit card and much more. Numerous Ports like www/apache13-ssl and mail / sylpheed-claws offer support for OpenSSL in their compilation. In most cases, the Ports will try to compile the port security / openssl unless the variable make (1) WITH_OPENSSL_BASE is explicitly set to "yes". The version of OpenSSL coming with the FreeBSD offers network security protocols Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and Transport Layer Security v1 (TLSv1) which would be able to utilize as an encryption library for general use.
Most of the time OpenSSL used in order to provide certificates for use with software applications. These certificates ensure that references to the company or individual are valid and not fraudulent. If the certificate in question has not been verified by a number of "certification authority" ("Certificate Authorities") or CA s, a warning is usually generated. A CA is a company like VeriSign , which will sign certificates to validate the credentials of individuals or corporations. This process is costly and not required to use certificates, however this will put more at ease the most paranoid users.
New extension exercises the functions of OpenSSL for creation and confirmation of the signatures to seal (encrypt) or open (decrypt) the data. OpenSSL provides lots of features that older modules were not containing. Few of these might get supplemented in the future. To utilize the OpenSSL functions you have to install the OpenSSL. PHP from version 4.0.5 and 4.3.1 work with OpenSSL> = 0.9.5. Other versions (PHP <= 4.0.4pl1 and> = 4.3.2) require OpenSSL> = 0.9.6.
In addition, if you plan to generate keys and sign messages, you must install a valid openssl.cnf on your system. Since PHP 4.3.0, a simple configuration is included in the openssl folder of the Windows distribution. If you are using PHP 4.2.0 or older, and that these files are missing, you can download the OpenSSL site or downloading files to PHP 4.3.0.
Note to Win32 Users: PHP will search for the openssl.cnf following the following tactics: OPENSSL_CONF environment variable, if defined, will be used as the path (including filename) to the configuration file.
SSLEAY_CONF environment variable, if defined, will be used as the path (including filename) to the configuration file. The file openssl.cnf will be assumed to be in the default certificate area, as configured at compile openssl library. This usually means c: \ usr \ local \ ssl \ openssl.cnf. In your installation, you need to decide if you will install the file in c: \ usr \ local \ ssl \ openssl.cnf or whether you will do it elsewhere and configure an environment variable (possibly virtual site). Note that it is possible to replace the default path using the configargs functions that require a configuration file.