Practical TLS – Free SSL Training – Module 1

Recently, I published a full SSL training course which is a comprehensive, deep dive into SSL and TLS — the protocols which secure the Internet.

I want people to see the quality of the content within the course, so I’m planning to release free previews of some of the lessons. Over the next few weeks, I will be releasing the first module for Free on YouTube so that anyone can sample the lessons from the course.

TLS/SSL Overview – Module 1

The first module of this course will serve as an overview of TLS and SSL. It provides fundamental knowledge which will serve as the jumping off point as we dive deeper and deeper into the protocols.

By the end of the course, the student will be a be an SSL expert – confidently navigating the world of SSL troubleshooting and auditing. But you cannot become an expert without knowing the foundation, and that is what we unpack in this first module.

Lesson 1 – What is SSL? What is TLS?

In this lesson we answer the fundamental question: What is SSL and TLS? We’ll show you what websites are by showing you an HTML page transferred using HTTPS, then discuss SSL VPNs and illustrate their typical use case.

After watching this video, you will be able to answer:

  • Why do you need protected communication over the Internet?
  • What is the World Wide Web? What are Websites?
  • Why do we need secure websites?
  • What is HTTP? What is HTML? What is HTTPS?
  • What is an SSL VPN?
  • What are use cases for SSL VPNs?
  • What is the difference between SSL and TLS?

Lesson 2 – How do SSL/TLS protect your data?

SSL and TLS’s primary goal is to “secure” communication as it crosses the Internet. But what does it mean to “secure” data? What must be done to data in order to consider it protected. This will be the focus of this lesson.

Incidentally, the other two major “secure communication” protocols, SSH and IPsec, also have identical goals to SSL and TLS. The content in this lesson also applies to SSH and IPsec.

After watching this video, you will be able to answer:

  • What does it mean for data to be “protected” on the Internet?
  • What is Confidentiality?
  • What is Data Integrity?
  • What is Authentication?
  • What Cryptographic tools provide Confidentiality / Integrity / Authentication ?

Lesson 3 – Anti-Replay and Non-Repudiation

Along with Confidentiality, Integrity, and Authentication (described in Lesson 2) the discussion of securing data also typically makes references to the concepts of Anti-Replay and Non-Repudiation. In this lesson we’ll define both of these concepts and show you how SSL and TLS provide them.

After watching this video, you will be able to answer:

  • What is a Replay attack?
  • What is Anti-Replay
  • What is Non-Repudiation?
  • How is Non-Repudiation provided?

Lesson 4 – Key Players of SSL/TLS

The SSL and TLS ecosystem involves the interaction of three key roles: the Client, the Server, and the Certificate Authority (CA). No SSL training course is complete without providing an explicit definition of what types of systems, software, or devices function as each of these three roles.

After watching this video, you will be able to answer:

  • What are the three Key Players of SSL and TLS?
  • What sorts of devices/software act as SSL Clients?
  • What sorts of devices/software act as SSL Servers?
  • Between the Client and the Server, which must provide an SSL Certificate?
  • Who creates and issues Certificates?
  • What are some common Certificate Authorities?

Lesson 5 – TLS/SSL Versions

There have been many versions of SSL over the years. From SSL v1.0 designed back in 1994, through TLS v1.3 which was just released in August of 2018. Each of these versions of the protocol is an evolution of its predecessor.

In this lesson we’ll explore some of those changes from version to version. We’ll also indicate which versions of SSL and TLS can be considered secure, secure-ish, or completely insecure by today’s standards.

After watching this video, you will be able to answer:

  • How many versions of SSL / TLS have exited over the years?
  • What does it mean to have to balance Security and Accessibility?
  • In what way is SSL v3.0 the foundation of the versions of SSL we use today?
  • What is the Major Version and Minor Version for SSLv3.0? TLSv1.0? TLSv1.1? TLSv1.2? TLSv1.3?
  • What versions of SSL/TLS are the most secure today?
  • What versions of SSL/TLS are considered completely insecure?

Practical TLS – the ultimate SSL training course

If you enjoyed these free lessons and want to see more of the course, there are additional lessons available to preview here (expand each module to see the lessons they contain).

Tags:
5 1 vote
Article Rating
Subscribe
Notify of
6 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Hey there! Just wanted to reach out and ask if there was anything happening with the emails option for your site! I tried to sign up and it said to check your email, but I never receive any emails (even to the junk folder). I also tried to use the contact form, but it just spins when trying to submit. Thought you might like to know. Thanks!

I certainly appreciate not contributing to email spam! I tried it again this morning and still didn’t get anything after signing up, but maybe that’s normal as you say. Thanks for checking into it!

Awesome, thanks for the confirmation!

Thanks for the great content!