Join Sean Colins for an in-depth discussion in this video SSL, TLS, and OpenSSL, part of Understanding Secure Sockets Layer.
- I want to clarify something, the difference between SSL and TLS. These are acronyms you may see used together, and in some cases in ways that seem interchangeable. So I want to be sure that you understand what they are. So Secure Sockets Layer is a security standard. It was invented in the mid-90's to secure web traffic for Netscape. And TLS came after it, based upon its success in the late 90's. Both of them secure network communications with encryption.
And this intended to be encryption of data going across a network. So its transmission, okay? So OpenSSL, which we will use in this class extensively, was developed as an open-source standard that uses SSL and TLS to protect both operating systems and programs. Mac OS X, Windows, and Linux all use it for SSL. But so do things like Mozilla and other application providers. There are plenty of vulnerabilities out there, and as vulnerabilities are brought to light, they are dealt with.
Some examples are listed here, and some like Heartbleed are infamous. You'd be hard-pressed not to have heard about it in the past. So it's very important that you check your SSL versions, and if you want to do that, you can easily go to the openssl.org website, where on the front page, based on date when they have put out updates, and what they've fixed in each one. I heartedly encourage you to go to this website frequently, and just double-check that your version is at least within the last couple of versions so that you're up to date.
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.