Effective encryption is a vital component of a safe and secure internet, especially since the arrival of HTTP/2. Many sites and mobile apps still don’t use TLS to encrypt their traffic, often citing some kind of fear over the complexity of it all. Others do use it but make a mess of it, resulting in a literal false sense of security.

The basics of TLS encryption are straightforward, but the practical realities run into a bewildering forest of acronyms. This talk gives you a breadcrumb trail through the backwoods of TLS, OCSP, ECDHE, ALPN, HTTP/2, HSTS, HPKP, CT, and more, including the latest changes in TLS 1.3.

You’ll get an overview of what problems TLS solves, how it works, its component pieces, how they fit together, where vulnerabilities and mitigations apply, and what tools and resources can help you get up to speed.



Rob Wilson at 21:16 on 13 May 2020

Great talk :)

I've been dealing with TLS this week at work, and reading the RFCs around the associated ciphers (yawn). Your talk is a lot clearer than reading the RFCs, and your style of presentation is fantastic (I might have to steal some bits for work).

Great that you touched on the SSL certificates (as most of us will be familiar), and some useful resources given. I'd have liked to have seen webbkoll being run and explored, but I shall be looking into this tomorrow at work instead.

Great talk. Slides were clear. You made a potentially complicated subject very accessible. I've always found SSL a bit intimidating. I really started to understand it after your talk.

Thanks for a fantastic talk