I was on a good blogging pace this month until a very nasty flu got ahold of me. Needless to say I have had a lot of couch and movie time over the past week and a half which, when I had the energy, allowed me to do some reading. If you read the title of this post you will know my latest book of choice was “SSL and TLS Essentials - Securing the Web” by Stephen Thomas. I think (maybe I just never noticed) this is one of the first books I have read that was published by Wiley Computer Publishing and it was definitely my first go at a book written by Stephen Thomas.
The verdict is.... it is a great read. In tune with what my friend Jason Kemp wrote, this book is highly focused on one subject, which is what makes it great. Those catch-all programming books are generally trash and never really answer your burning questions on the subject at hand. This book, just short of 200 pages, starts out light by introducing public/private key technology (with cartoons :) ), then moves into describing SSL from version 2.0 to 3.0 and finally its migration to TLS (Transport layer security). The book then concludes with a look at X.509 certificates, including a walk through (byte-by-byte) of an actual certificate and an overview of the theoretical weaknesses of SSL and known exploits of various algorithms with given key lengths.
If you are completely new to SSL/TLS or want to get a solid understanding (message layouts, certificate fields, etc) of the protocol and its surrounding technologies this is the book for you.