|Source Repository:||No results|
Summary: Full-strength general purpose cryptography library (including SSL and TLS.)
- Support assembly hand optimized crypto functions (i.e. faster run time)
- Disable EC algorithms (as they seem to be patented) -- note: changes the ABI
- Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)
- Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https
- Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https
- Enable the Heartbeat Extension in TLS and DTLS
OpenSSL is a cryptography package used with Package:OpenSSH, web servers, and more. ftps, https, smtps, imaps, etc use SSL/TLS. SSL/TLS is used to prevent man in the middle attacks on plain text streams of data. As this is a security package it is frequently cycled from testing, & bug repairs.
ssl is old, tls is new. If you have the option to run tls, run tls rather than ssl
# emerge dev-libs/openssl
ssl uses several certificates with differing coverage, and use cases. Certificates are obtained by 3rd party sites. go-daddy, namecheap, and verisign are popular ssl certificate providers, though several others exist.
The general overview is buy certificate, send private files, send extra information if required, get files back, insert files into openssl configs, change program configs ports to S version of the protocol, (as in for web port 80, now listens to port 443, and i address the server as https instead of http now.) reorder the cert next year.
Self Signed Certificates
Free: Self signed certificates are free, self made, quick, easy to setup, and insecure. They are great for lab experiments, and testing out new technologies that you're not familiar with.
Free: (with restrictions) You can get free certificates from places like StartSSL.com. The free certificates from them are not recommended if you are a company or doing E-Commerce as they only validate that you own the domain, not anything beyond that. However, for personal sites, you can't beat the cost.
Single Domain Certificates
Generally $10/yr: Single domain certificates are probably the cheapest ssl certificate you will find on the web. This certificate does not cover subdomains.
Unified Communications Certificate
Generally $300/yr This certificate is meant for small businesses. This type of certificate will generally cover 20-30 domains, sites, or subdomains.
Generally $300/yr Wildcard certificates are expensive, however they cover every subdomain name you add.
Other Misc Certs
- domain validated SSL Certificates
- organization validated SSL Certificates
- Extended Validation SSL Certificates
Using SSL With Nginx or Tengine
See this page: HOWTO:WebServer_SSL