Introduction
This document evaluates the specification of OpenSSL. OpenSSL is a powerful, commercial-grade, full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. All aspects of the specification (functionality, capacity, intended use, reliability, safety and security) are evaluated based on the primer documentation of the application framework. The evaluation mainly considers documents in the GitHub repository that cover the areas regarded as project functions.
Functionality aspects
OpenSSL is a software library for applications that protect communications over computer networks from eavesdropping or that need to identify the party at the other end. It is widely used by Internet web servers and serves most websites. OpenSSL includes open source implementations of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allow the OpenSSL library to be used from various programming languages.
Testing protocols that upgrade to SSL. When used with HTTP, TLS wraps the entire plain-text communication channel to form HTTPS. Some other protocols start in plain text and then upgrade to encryption. To test such a protocol, you must tell OpenSSL which protocol it is so that it can perform the upgrade on your behalf. Use the -starttls switch to provide the protocol name.
Sometimes, when you use OpenSSL to test a server, your attempts to communicate with it may fail even though you know that the server supports TLS (for example, because you can see TLS working when you use a browser).
One reason this can happen is that the server does not support the older SSL 2 handshake. Because OpenSSL tries to negotiate all the protocols it understands, and because SSL 2 can only be negotiated with the old SSL 2 handshake, it uses this handshake by default. Although it is associated with a very old and unsafe version of the protocol, the old handshake format is not technically unsafe. It supports upgrades, which means a better protocol can be negotiated.
Capacity aspects
Testing cipher suite support. If you want to use OpenSSL to determine whether a remote server supports a specific cipher suite, you need a trick. The cipher configuration string is designed to select the suites you want to use, but if you specify only one suite and the handshake with the server succeeds, you know that the server supports that suite. If the handshake fails, you know that the suite is not supported.
Intended use aspects
The future architecture is expected to bring a large number of changes. A migration path for handling the eventual transition is provided.
OpenSSL version 3.0.0 has minimal impact on most existing applications, and almost all well-behaved applications only need to be recompiled. The functionality currently provided by the engine interface will be replaced over time by the provider interface. OpenSSL 3.0.0 will continue to support engines. The future architecture will not be fully implemented until OpenSSL 4.0.0 at the earliest.
Reliability aspects
Under the general software application framework, maintenance is the modification of a software product after delivery to correct errors, improve performance, or expand functionality. The OpenSSL test framework, however, is open source. Updates and patches are made available to users so that they can keep the framework up to date and maintain the performance of the desired output target. In addition, the OpenSSL development team will continue to provide version updates and patches.
Safety aspects
Testing for the BEAST vulnerability. The BEAST attack exploits a weakness that exists in all versions of SSL and in TLS protocols before TLS 1.1. The weakness affects all CBC suites and both the client and server data streams; however, the BEAST attack works only against clients. Most modern browsers use the so-called 1/n-1 split as a workaround to prevent exploitation, but some servers continue to deploy mitigations at their end, especially if they have a user base that relies on older (and unpatched) browsers.
Security aspects
The ideal mitigation is to rely only on TLS 1.1 and better protocols, but these newer protocols have not yet received sufficiently broad support. Because RC4, the main non-CBC alternative in the older protocols, is itself now considered unsafe, the situation becomes complicated.
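The single-suite probe and the BEAST condition described above can both be read off the session summary that s_client prints. The script below is an added example, not code from the original essay or from the OpenSSL project; HOST and SUITE are placeholders, and the function names and sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example. Input is the text printed by a probe such as
#   openssl s_client -connect HOST:443 -cipher SUITE </dev/null
# where HOST and SUITE are placeholders for your own server and one suite.

# Print "PROTOCOL CIPHER" from the SSL-Session block. Return 1 when no
# suite was negotiated, i.e. the single offered suite is not supported.
negotiated() {
    awk -F' *: *' '
        /^ *Protocol *:/ { proto = $2 }
        /^ *Cipher *:/   { cipher = $2 }
        END {
            if (cipher == "" || cipher == "0000" || cipher == "(NONE)") exit 1
            print proto, cipher
        }'
}

# BEAST needs a CBC suite on SSL or TLS 1.0. Those protocol versions only
# have CBC, RC4 and NULL suites, so "neither RC4 nor NULL" means CBC in
# OpenSSL suite names (AES128-SHA, DES-CBC3-SHA, ...).
beast_exposed() {
    result=$(negotiated) || { echo "no-handshake"; return 0; }
    proto=${result%% *}
    cipher=${result#* }
    case $proto in
        SSLv2|SSLv3|TLSv1) ;;
        *) echo "not-exposed"; return 0 ;;
    esac
    case $cipher in
        *RC4*|*NULL*) echo "not-exposed" ;;
        *) echo "exposed" ;;
    esac
}

# Constructed sample outputs, trimmed to the lines the parser reads.
sample() {
    printf 'SSL-Session:\n    Protocol  : %s\n    Cipher    : %s\n' "$1" "$2"
}

for pair in "TLSv1 AES128-SHA" "TLSv1 RC4-SHA" \
            "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" "TLSv1 0000"; do
    printf '%-40s %s\n' "$pair" "$(sample ${pair% *} ${pair#* } | beast_exposed)"
done
```

A "not-exposed" result for an RC4 suite only means the BEAST condition is absent; as noted above, RC4 is itself considered unsafe.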
Accessibility
OpenSSL is available for most Unix and Unix-like operating systems, including Solaris, Linux, macOS, QNX and the various open source BSD operating systems, as well as for OpenVMS and Microsoft Windows.
Roles and Responsibility
The OpenSSL project is managed by the OpenSSL Management Committee (OMC) and is defined by the project charter. The OpenSSL Software Foundation is a non-profit company registered in the State of Delaware (United States) that represents the project in most legal and official capacities, and the company has its own charter as a legal document.
Internationalization
Internationalization is not mentioned in the OpenSSL project specification. However, most programming languages are written and used in English. There are also many translation tools and websites, documents and related forums that can be converted into multiple languages to disseminate knowledge and help users learn more about the OpenSSL test framework.
Summary of findings
After using OpenSSL, I found a lot of novel features and test methods, including testing servers that require SNI, testing session reuse, checking OCSP revocation, checking CRL revocation, testing renegotiation, and testing for Heartbleed. It also contains functions, most of which I cannot understand and need more time to study. But these tests are enough to show that OpenSSL is a powerful and safe tool.