O'Reilly
Live online training

Expert Transport Layer Security (TLS)

A guide through the ins and outs of the internet's most important protocol

Michael Pound

There are few protocols more central to the modern world than Transport Layer Security (TLS)—the powerful end-to-end encryption protocol that underpins almost all communication on the internet. Beyond web applications, TLS also ensures that communication between networked applications remains safe and efficient. Much safer than "rolling your own," TLS has certificate authentication built in, which helps verify the identity of either endpoint—essential, for example, in ensuring that an authenticated server won't send out malware in place of the intended software update.

Join expert Michael Pound to learn the fundamentals of TLS. You'll discover why TLS was created, how it works, and how to use it to transmit data securely within your networked applications, as Michael takes you through the iterative improvements seen since its inception, including the newly released TLS 1.3 specification. Along the way, you'll get your hands dirty using TLS for client-server applications and dive into advanced topics such as mutual authentication and certificate pinning—giving you the knowledge you need to begin utilizing TLS quickly and effectively within your own applications.

What you'll learn and how you can apply it

By the end of this live online course, you’ll understand:

  • The steps involved in a TLS handshake, including a comparison of TLS 1.2 and 1.3
  • How to safely use TLS within code for interapplication communication
  • How to perform mutual authentication with certificates
  • Best practices for certificate management

And you’ll be able to:

  • Use standard libraries in Python and Java to perform TLS handshakes and communication
  • Configure sessions for server-side or mutual authentication and use certificate pinning to ensure that host identities can’t be changed
  • Implement safe certificate and key management practices

This training course is for you because...

  • You're an engineer with development experience who wants to utilize TLS to provide robust end-to-end encryption in your applications.
  • You're an engineer tasked with analyzing and improving the security of existing code to ensure you’re following best practices.
  • You're a developer who wants to learn more about TLS for use in future projects.

Prerequisites

  • Basic knowledge of Python or Java
  • Familiarity with encryption (useful but not required)

Recommended preparation:

  • Download Python examples from course GitHub repo
  • Download and compile Java examples from course GitHub repo
  • Read “Cryptography” (chapter 5 in Security Engineering: A Guide to Building Dependable Distributed Systems, second edition)
  • Take Introduction to Encryption (live online training course with Michael Pound)

Recommended follow-up:

About your instructor

  • Michael Pound is a lecturer and researcher in computer science at Nottingham University, where he teaches the third-year computer security course, which covers a wide range of topics from cryptography to hardware security and malware. Michael is a regular contributor to the popular YouTube channel Computerphile, where his videos on topics such as image analysis, machine learning, and computer security have accumulated over 18 million views from people all over the world.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Introduction (15 minutes)

  • Lecture: What is Transport Layer Security?; a history of SSL and TLS
  • Q&A

Introduction to TLS (35 minutes)

  • Lecture: The protocol explained; TLS 1.2 versus 1.3
  • Hands-on exercise: Set up a secure connection
  • Q&A
  • Break (5 minutes)

Advanced TLS (45 minutes)

  • Mutual authentication (two certificates); certificate pinning; restricting cipher suites and other configuration
  • Hands-on exercises: Establish mutual authentication; implement certificate pinning
  • Q&A

Good practice (10 minutes)

  • Lecture: Safe certificate and key management; when to use and not use TLS; further resources

Wrap-up and Q&A (10 minutes)