Effective encryption is a vital component of a safe and secure internet, especially since the arrival of HTTP/2. Many sites and mobile apps still don't use TLS to encrypt their traffic, often citing some kind of fear over the complexity of it all, or if they do, they make a mess of it, resulting in a literal false sense of security. The basics of TLS encryption are straightforward, but the practical realities run into a bewildering forest of acronyms. This talk gives you a breadcrumb trail through the backwoods of TLS, OCSP, ECDHE, ALPN, HTTP/2, HSTS, CT, and more, including the latest changes in TLS 1.3.

You'll get an overview of what problems TLS solves, how it works, its component pieces, how they fit together, where vulnerabilities and mitigations apply, and what tools and resources can help you get up to speed, and keep the wicked witch away!


Comments are closed.

Excellent informative talk. Just great!

Learned a lot during this talk.

Good pacing, good content! 👍

Simon at 09:40 on 25 Jan 2020

Great talk, very informative and thorough!

Way better than I expected. Very informative. Thank you for pointing out mozilla's ssl-config-generator.

Great talk about TLS. Title seems a bit unrelated since the fairy tale is only in the ending and in the style of the slides.

Complex topic well detailed and presented!