
Bulletproof SSL and TLS available for early access and preorder

February 04, 2014

My next book, Bulletproof SSL and TLS, is now available for early access and preorder. I am thrilled to publish my latest work, even if it is not yet finished. Actually, because it is not yet finished. With early access to the manuscript, you get a chance to read the book straight away, and, perhaps more interestingly, you get to tell me what you'd like to see improved before the book is officially published. I, on the other hand, no longer have to write in isolation. So bring it on!

This book is taking me an awfully long time to write. Not only is the topic very complex, but it keeps changing. What was true last month is not necessarily true today. I lost count of how many times I had to go back and update a "finished" section in one chapter or another.

By now I've completed the largest of 3 book parts—Practical Configuration. The 6 large chapters in this part, together with the appendix, have about 200 pages, or (estimated) about 60% of the final book. More importantly, this part is largely self-sufficient: if you have to do any SSL configuration work today, this early release has all you need and covers all the major web platforms.

Here's what I have so far:

  • Chapter 10, OpenSSL Cookbook, describes the most frequently used OpenSSL functionality, largely focusing on installation, configuration, and key and certificate management. This is the most polished chapter, given that it had been released as a standalone short book in May 2013, and then updated in October.
  • Chapter 11, Testing with OpenSSL, continues with OpenSSL and explains how to use its command-line tools to test server configuration. Even though it is often much easier to use an automated tool for testing (e.g., the SSL Labs Server Test), OpenSSL remains the de facto standard for troubleshooting.
  • Chapter 12, Configuring Apache, discusses the SSL configuration of Apache httpd.
  • Chapter 13, Configuring Java and Tomcat, covers the current versions of Java and Tomcat, and gives a glimpse of what's coming in Java 8. (Java 8 coverage will improve soon after Oracle makes the final release candidate available.)
  • Chapter 14, Configuring Microsoft Windows and IIS, discusses the Microsoft Windows platform and the Internet Information Server.
  • Chapter 15, Configuring Nginx, discusses the Nginx web server, covering the features in the stable and development versions equally.
  • Appendix, SSL/TLS Deployment Best Practices, serves as a temporary replacement for the yet-to-be-written Chapter 6, Deployment. It covers the same material and gives the same advice, only in fewer words.

The remaining chapters will be released as they are ready, at one- or two-week intervals, depending on the chapter. The plan is to complete the manuscript by mid-April, at which point the book will go to copyediting and then production. We are aiming to publish the first edition in June.

In terms of quality, the chapters have been through several revisions already. I usually write and then rewrite at least once, often twice. Further, most chapters have been through a technical review, which adds a revision or two. There hasn't been any copyediting yet. That will come at the end, after the entire manuscript is complete, but before the final production stages begin.
