TLS Mastery
Michael W Lucas

Copyright Information

TLS Mastery
Copyright 2020 by Michael W Lucas (https://mwl.io).
All rights reserved.

Author: Michael W Lucas
Copyeditor: Amanda Robinson
Cover art: Eddie Sharam

ISBN (Beastie edition): 978-1-64235-052-4
ISBN (Tux edition): 978-1-64235-053-1
ISBN (hardcover): 978-1-64235-051-7

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including but not limited to photocopying, recording, miracles (rotten or not), or by any information storage or retrieval system, without the prior written permission of the copyright holder and the publisher. For information on book distribution, translations, or other rights, please contact Tilted Windmill Press ([email protected]).

The information in this book is provided on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor Tilted Windmill Press shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
Tilted Windmill Press
https://www.tiltedwindmillpress.com

More Tech Books from Michael W Lucas

Absolute BSD
Absolute OpenBSD (1st and 2nd edition)
Cisco Routers for the Desperate (1st and 2nd edition)
PGP and GPG
Absolute FreeBSD (2nd and 3rd edition)
Network Flow Analysis

the IT Mastery Series

SSH Mastery (1st and 2nd edition)
DNSSEC Mastery
Sudo Mastery (1st and 2nd edition)
FreeBSD Mastery: Storage Essentials
Networking for Systems Administrators
Tarsnap Mastery
FreeBSD Mastery: ZFS
FreeBSD Mastery: Specialty Filesystems
FreeBSD Mastery: Advanced ZFS
PAM Mastery
Relayd and Httpd Mastery
Ed Mastery
FreeBSD Mastery: Jails
SNMP Mastery
TLS Mastery
The Networknomicon

Other Nonfiction

Cash Flow For Creators
Only Footnotes

Books and Novels (as Michael Warren Lucas)

Immortal Clay
Kipuka Blues
Butterfly Stomp Waltz
Terrapin Sky Tango
Forever Falls
Hydrogen Sleets
Drinking Heavy Water
Aidan Redding Against the Universes
git commit murder
git sync murder

See your local bookstore for more!
Brief Contents

Acknowledgements
Chapter 0: Introduction
Chapter 1: TLS Cryptography
Chapter 2: TLS Connections
Chapter 3: Certificates
Chapter 4: Revocation and Invalidation
Chapter 5: TLS Negotiation
Chapter 6: Certificate Signing Requests and Commercial CAs
Chapter 7: Automated Certificate Management Environment
Chapter 8: HSTS and CAA
Chapter 9: TLS Testing and Certificate Analysis
Chapter 10: Becoming a CA
Afterword
Sponsors
Patronizers