Live Online training

Expert Transport Layer Security (TLS)

A Guide Through the Ins and Outs of the Internet's Most Important Protocol

Michael Pound

There are few protocols more central to the modern world than Transport Layer Security (TLS). Evolved over two decades, this protocol underpins almost all communication on the Internet. Beyond web applications, it can also ensure that communication between networked applications remains safe and efficient.

This training course will teach you the fundamentals of TLS, a powerful end-to-end encryption protocol. Much safer than "rolling your own," TLS has certificate authentication built in, which helps verify the identity of either endpoint. This is essential, for example, in ensuring that an authenticated server won't send out malware in place of the intended software update.

We'll cover why TLS was created, how it works, and how to use it to transmit data securely within your networked applications. Starting with a description of the protocol, we will highlight the iterative improvements seen since its inception, including the newly released TLS 1.3 specification. We will cover the contribution of each aspect of modern cryptography to the protocol, from symmetric to asymmetric encryption. During the course we will gain hands-on experience of using TLS for client-server applications through practical exercises. We will cover safe use of certificates and effective key management, and practical tips for ensuring your TLS sessions remain secure. We’ll also gain experience with more advanced usage such as mutual authentication and certificate pinning. After this course, you’ll understand how to utilize TLS quickly and effectively within your own applications.

What you'll learn, and how you can apply it

By the end of this live online course, you’ll understand:

  • The steps involved in a TLS handshake, including a comparison of TLS 1.2 and 1.3
  • How to make use of TLS within code, safely, for inter-application communication
  • How to perform mutual authentication with certificates, and good practice for certificate management

And you’ll be able to:

  • Make use of standard libraries in Python and Java to perform TLS handshakes and communication
  • Configure sessions for server-side or mutual authentication, and make use of certificate pinning to remain sure that host identities can’t be changed
  • Implement safe certificate and key management practices

This training course is for you because...

  • You're an engineer with development experience who would like to utilize TLS in order to provide robust end-to-end encryption in your own applications.
  • You're an engineer who has been tasked with analyzing and improving the security of existing code to ensure you’re following best practice.
  • You're a developer who would simply like to learn more about this important protocol for use in future projects.

Prerequisites

  • Basic knowledge of Python or Java
  • Some knowledge of encryption would be a bonus

Materials or downloads required in advance of the course:

  • A Python 3.6 or Java 8 installation
  • Link to GitHub repo
  • Python examples just need to be downloaded; Java examples should be downloaded and compiled in advance

About your instructor

  • Michael Pound is a lecturer and researcher in computer science at Nottingham University, where he teaches the third-year computer security course, which covers a wide range of topics from cryptography to hardware security and malware. Michael is a regular contributor to the popular YouTube channel Computerphile, where his videos on topics such as image analysis, machine learning, and computer security have accumulated over 18 million views from people all over the world.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Introduction to the Course (15 mins presentation)

  • An outline of the exercises and materials
  • What is Transport Layer Security?
  • A history of SSL and TLS
  • Q&A

Introduction to TLS (20 mins presentation)

  • The protocol explained
  • TLS 1.2 vs 1.3
  • Q&A

Exercise - Setting up a secure connection (15 mins exercise)

  • 5 minute break

Advanced TLS (15 minutes presentation)

  • Mutual authentication (two certificates)
  • Certificate pinning
  • Q&A

Exercise - Establishing mutual authentication (10 mins exercise)

Advanced TLS Continued (10 minutes presentation)

  • Restricting cipher suites and other configuration
  • Q&A

Exercise - Certificate pinning (10 mins exercise)

Good Practice (10 minutes presentation)

  • Safe certificate and key management
  • When to use and not use TLS
  • Further resources

Q&A and wrap-up (10 mins)