FYI, there's a new(ish) article by Kenneth Ballard out on IBM's developerWorks site, on the topic of secure use of OpenSSL. It's actually part 2 in a series, but there's a pointer there to part 1 also. The abstract follows, along with the URL to the full article:
Securing the handshake during a Secure Sockets Layer session (SSL) is vital, since almost all of the security involving the connection is set up inside the handshake. Learn how to secure the SSL handshake against a man in the middle (MITM) attack -- in which the intruding party masquerades as another, trusted source. This article also introduces the concept of digital certificates and how the OpenSSL API handles them.

http://www-128.ibm.com/developerworks/linux/library/l-openssl2.html?ca=dgr-lnxw02SecureHandshake

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com