Are you a TLS master?

Published on 2021-04-21. Modified on 2021-04-21.

Michael Warren Lucas has taken the complexities of TLS, and with his new book TLS Mastery, made it both understandable and practical.

Now, as with most of Michael's tech books, this book follows the way of the pragmatic system administrator. It's not a lengthy discussion about the mathematical algorithms, or about the technical details of how a TLS handshake takes place. There is plenty of material on the Internet if you're interested in all of that, such as The First Few Milliseconds of an HTTPS Connection.

TLS Mastery is for you if you are a system administrator deploying any kind of service that requires TLS.

If you are running any kind of web server, mail server, or anything else that uses TLS, and you have just followed a tutorial or a HOWTO, put things together and hoped for the best, then Michael's TLS Mastery is an absolute must-have for you!

But even if you're an experienced senior system administrator, brushing up on the subject doesn't hurt, and perhaps you'll even learn something new ;)

I am a fan of Michael's tech books because of how approachable they are. He is old-school, in the best and most practical way, yet in no way out-of-date: he not only understands the technology in depth, he also does a great job of keeping up to date with relevant information.

This is a very small snippet from his book that I have put together. It's a good example of how Michael manages to explain something highly complicated in a very simple and interesting way.

A cryptographic algorithm is a method of encryption. Symmetric algorithms use the same key to encrypt and decrypt text. If you have the key and know the algorithm, you can encrypt and decrypt messages. Symmetric algorithms rely on keeping the key secret.

Most encryption algorithms used in the last ten thousand years are symmetric. People outside computing and cryptography might call a symmetric algorithm a code, but that’s a heavily overused word in our profession so please avoid further burdening it.

A well-designed symmetric algorithm retains message confidentiality even if the algorithm is known. Consider the first code every kid learns: A=1, B=2, and so on. This algorithm is poor, because if you know the algorithm you can decrypt the message.

You can slightly improve this algorithm by adding a secret key, a number to be added to each value. A key of 13, meaning A=14 and B=15, might look harder to crack, but an experienced cryptographer can decrypt a message with very little effort. Modern symmetric algorithms like CHACHA and AES retain confidentiality even when everyone knows how they function.

Computers have raised the standards for symmetric algorithms. Modern algorithms are complex, with long and cumbersome keys. Once two entities can exchange the secret key, they can communicate quickly and easily. The problem is getting the secret key from one to the other. That's where public key encryption comes in.
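To make the excerpt's point concrete, here is an added example (mine, not code from TLS Mastery or its author) of the toy cipher just described: A=1, B=2, and so on, with a secret key added to every value. Because every plaintext value must lie in 1..26, the ciphertext itself narrows the key to a handful of candidates, and a crude English letter-frequency score picks the right one; the sample message and the frequency table are constructed for the demonstration.

```python
# Added example (not from TLS Mastery): the book's toy cipher, A=1, B=2, ...
# plus a secret key, and why knowing the algorithm is enough to break it.
# Contrast with AES: 2**128 keys and no structure in the ciphertext to exploit.
from string import ascii_uppercase

# Approximate relative frequency (%) of each letter in English text (constructed table).
ENGLISH_FREQ = dict(zip(ascii_uppercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))


def encrypt(message: str, key: int) -> list[int]:
    """A=1, B=2, ... plus the key, exactly as the excerpt describes (key 13: A=14)."""
    return [ascii_uppercase.index(c) + 1 + key for c in message.upper() if c.isalpha()]


def decrypt(numbers: list[int], key: int) -> str:
    """Subtract the key and map the value back to its letter."""
    return "".join(ascii_uppercase[n - key - 1] for n in numbers)


def candidate_keys(numbers: list[int]) -> list[int]:
    """Every plaintext value is in 1..26, so the ciphertext bounds the key:
    key <= min(ciphertext) - 1 and key >= max(ciphertext) - 26."""
    low = max(0, max(numbers) - 26)
    high = min(numbers) - 1
    return list(range(low, high + 1))


def english_score(text: str) -> float:
    """Higher when the letter mix resembles ordinary English."""
    return sum(ENGLISH_FREQ[c] for c in text)


def recover(numbers: list[int]) -> tuple[int, str]:
    """Try every surviving key and keep the decryption that looks most like English."""
    return max(
        ((k, decrypt(numbers, k)) for k in candidate_keys(numbers)),
        key=lambda kt: english_score(kt[1]),
    )


if __name__ == "__main__":
    # Constructed sample message; the analyst sees only the numbers and knows the algorithm.
    ciphertext = encrypt("MEET ME AT THE USUAL PLACE AT NOON TOMORROW", key=13)
    print("ciphertext:", ciphertext)
    print("candidate keys:", candidate_keys(ciphertext))  # only 10..13 survive
    key, plaintext = recover(ciphertext)
    print(f"recovered key {key}: {plaintext}")
```

The whole "attack" is four trial decryptions and a frequency count, which is what the excerpt means by "very little effort".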

Michael struggled for 12 months trying to put this topic into an approachable form. With TLS, that is very difficult. So if you do buy the book, consider putting in a couple of extra bucks.

Please note, I am in no way affiliated with Michael's book shop, or with him in any other way. I just like his books!