Check out the new USENIX Web site. next up previous
Next: IP Security (IPsec) Up: Communications Security Previous: Communications Security

SSL

  In OpenBSD libssl provides a toolkit for the Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS v1) [6] which provide strong cryptographic protection for network communication such as server authentication and data encryption. The Secure Socket Layer is currently used by web servers, e.g., Apache as shipped with OpenBSD, and browsers like Netscape Communicator. In the future, applications like telnet and ftp will be converted to use TLS, possibly even during our network installation process.

Due to patent restrictions, libssl in the OpenBSD distribution supports only digital signatures with DSA [27], but an additional package is provided for users outside the USA to add back RSA-signature [19] support. This is implemented by providing two shared libraries: libssl.so.1.0 has only function stubs for RSA support, while libssl.so.1.1 contains full RSA support. Notice that shared library minor-version number changes typically indicate interface-transparent bug fixes.



& D. Keromytis
4/26/1999