I am very happy to announce the release of my new book, Bulletproof SSL and TLS. This book is a result of more than five years of research and two years of writing, driven by my search for a complete understanding of what it means to deploy secure services on the Internet. I wrote it because there’s so much information that it’s impossible to remember it all, even if you make it a full-time job.
The end result is 528 pages of text spread across 16 chapters. It’s a complete package that starts with an introduction to cryptography, SSL/TLS, and PKI, follows with complete coverage of the current problems with the protocols as well as the entire ecosystem, and finishes with a ton of practical advice for configuration and performance tuning. Advanced technologies such as pinning, HTTP Strict Transport Security, Content Security Policy, and DANE are covered in a separate chapter. OpenSSL is well covered with two chapters, and there’s also a chapter for each of Apache, Java and Tomcat, Microsoft and IIS, and Nginx.
You’ll find more information about the book on its homepage.