Skip to main content
Engineering LibreTexts

12-B.8: OpenSSL / VPN

  • Page ID
    42883
  • OpenSSL

    OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based on a full-strength general purpose cryptographic library, which can also be used stand-alone.

    The OpenSSL toolkit includes:

    • libssl - an implementation of all TLS protocol versions up to TLSv1.3 (RFC 8446).

       

    • libcrypto - a full-strength general purpose cryptographic library. It constitutes the basis of the TLS implementation, but can also be used independently.

       

    • openssl - the OpenSSL command line tool, a Swiss army knife for cryptographic tasks, testing and analyzing. It can be used for:
      • creation of key parameters
      • creation of X.509 certificates, CSRs and CRLs
      • calculation of message digests
      • encryption and decryption
      • SSL/TLS client and server tests
      • handling of S/MIME signed or encrypted mail

    Virtual Private Networks

    VPN & IPSec

    IPsec helps keep private data secure when it is transmitted over a public network. More specifically, IPsec is a group of protocols that are used together to set up secure connections between devices at layer three of the OSI model (the network layer). IPsec accomplishes this by encrypting all messages so that only authorized parties can understand them. IPsec is often used to set up virtual private networks (VPNs).

    A VPN is an Internet security service that allows users to access the Internet as though they were connected to a private network. VPNs encrypt Internet communications as well as providing a strong degree of anonymity. VPNs are often used to allow remote employees to securely access corporate data. Meanwhile, individual users may choose to use VPNs in order to protect their privacy.

    SSL/TLS

    Secure Sockets Layer (SSL) is a protocol for encrypting HTTP traffic, such as connections between user devices and web servers. Websites that use SSL encryption have https:// in their URLs instead of http://. SSL was replaced several years ago by Transport Layer Security (TLS), but the term "SSL" is still in common use for referring to the protocol.

    In addition to encrypting client-server communications in web browsing, SSL can also be used in VPNs.

    DTLS

    Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP rather than TCP, it avoids the "TCP meltdown problem" when being used to create a VPN tunnel.

    Adapted from:
    "Transport Layer Security" by Multiuple ContributorsWikipedia is licensed under CC BY-SA 3.0
    "IPsec" by Multiuple ContributorsWikipedia is licensed under CC BY-SA 3.0
    "Datagram Transport Layer Security" by Multiuple ContributorsWikipedia is licensed under CC BY-SA 3.0

    • Was this article helpful?