SSL/TLS is the cornerstone of security on the Internet, but understanding it and using it are not simple tasks. Quite the contrary; mistakes are easy to make and can often fully compromise security. Bulletproof SSL and TLS is the first SSL book written with users in mind. It is the book you will want to read if you need to assess risks related to website encryption, manage keys and certificates, configure secure servers, and deploy secure web applications. Bulletproof SSL and TLS is based on several years of work researching SSL and how SSL is used in real life, implementing and supporting a comprehensive assessment tool running on the SSL Labs website (https://www.ssllabs.com), and assessing most of the public SSL servers on the Internet. The assessment tool helped many site owners identify and solve issues with their SSL deployments. The intent of this book is to provide a definitive reference for SSL deployment that is full of practical and relevant information.
Honestly, I cannot recommend this book highly enough. I work extensively with certificates, TLS, PKI, etc. on a daily basis, and I have yet to encounter a book that even comes close to this one.
Ristic updates the book frequently with new and updated information. There are many examples of the various points and concepts, all with enough detail and explanation to go beyond and take things your own direction as needed. The author is to be commended for bringing a complex and highly nuanced subject into a single, highly accessible book.
The first part of the book is a must read for every software engineer, regardless of experience level. The comprehensive coverage of SSL and TLS protocols provides an invaluable foundation for anyone involved in web development or server management.
While the initial sections are timeless in their relevance, I did find that the latter part, which focuses on deployment, tends to be repetitive and dives into technology-specific details. This section might not be as universally applicable or engaging for all readers, especially those who are looking for a broader understanding of SSL/TLS without delving into implementation details. However, for individuals who are involved in server management, it still contains valuable insights.
Note that some of the technologies in the book have evolved or become outdated nowadays. Nevertheless, the core principles and concepts remain highly relevant.
Loved the section on BEAST & CRIME and other attacks. Really well worded, albeit out of date when I read it in 2022. The second edition is coming out soon, though, and I can't wait to read it. It will, of course, include TLS 1.3 and other things that have happened/changed since the 1st edition.
Great book - technical but also easy to follow with excellent descriptions, including all of the significant TLS/SSL attacks and vulnerabilities prior to publication.
Ivan is an incredible expert on the cryptography field and thankfully, unlike many experts, he writes clearly :)
Interesting historical accounts of attacks. Not much on technical details, but grants the reader the knowledge of the frequency of various attack vectors.
The book is what you start with to understand cryptocurrencies and blockchains. There is no mention of them in the book, but it is, I feel, the foundation which is needed to understand Public Key Infrastructure (PKI).
When Bulletproof TLS and PKI 1st edition came out in 2014, it was at the top of my purchase list. The book provided a great background in TLS, PKI and cryptography. It addressed the TLS protocol and how to implement it, and it addressed attacks and implementation issues. It answered most if not all questions in TLS deployment.
Now we have the second edition, which has provided updates throughout. These updates include the latest protocol, TLS 1.3. Certificate Transparency and CA Authorization (CAA) have been updated based on growing experience over the last 8 years. The performance optimization chapter has had a major rewrite, which now also addresses QUIC and HTTP/3.
Chapter 11 starts with “This chapter is where everything comes together.” I think this is a must-read chapter for all those who manage or administer TLS deployment. Consider this the best practices chapter which touches on all the key elements.
In addition to providing all this insight, the book is fully referenced, which provides the reader an even greater knowledge base.
I would recommend the second edition for the TLS beginner to get pointed in the right direction, or the TLS expert who might want to brush up or just say, “I told you so!”
Great discussion of SSL and TLS. Covers enough of the historical context to help understand why things are the way they are. Covers all of the recent attacks and even has deployment recommendations that discuss performance and compatibility.
The 'about the author' section and realizing the time invested into compiling this reference should be sufficient for you to buy this book. I greatly enjoyed and frequently use the chapter on performance tuning TLS.