« Bulletproof SSL and TLS, three years later | Main

Announcing Bulletproof SSL and TLS, the 2017 revision

July 11, 2017

I am very happy to announce Bulletproof SSL and TLS, the 2017 revision. The manuscript is complete and it’s now undergoing copyediting. We expect that the revision will be fully done by the end of July. Get your updates now if you can’t wait, or in August if you can.

As with all full revisions, this means that we went through the entire book and updated everything that needed updating. My ongoing maintenance is usually focused on specific changes and how they impact the book. For example, when a new research is published I make note of it in the manuscript. Full revisions are different; I reread the entire book to ensure that it still makes sense, as if I were writing the book today.

The bottom line is that, three years on, we again have a fully up-to-date book. Our digital readers have had continuous access to the updates. (As an aside, we have a generous upgrade policy and will give a free digital copy of the book to anyone who purchased a paperback elsewhere; just send us your receipt.)

If you’re interested in my personal perspective on continuous writing and publishing, I published a blog post about it just the other day; go ahead and read it.

With the 2017 revision we’re introducing a new and unique feature, a special online book format that shows all book changes from the first edition until now. We can do this because our manuscript is machine readable (DocBook/XML). As a result, we can compare two manuscript versions to determine the exact differences. We hope that this feature will help you see exactly what changed so that you don’t have to reread the book again.

When you access this output format you'll see the table of contents modified to indicate the extent of changes on per chapter basis. The colours under the chapter names indicate the amounts and you can hover over them to see the backing numbers. What I found surprising was that there are many deletions, in some cases as many as the additions! Perhaps more interestingly, several key chapters have seen a turnover between 20% and 33%.

It gets more interesting inside the book. For example, this what the beginning of Chapter 10 looks like:

We hope that you'll be enjoying the updates! From here on we don't expect that we'll be updating the first edition any more. With TLS 1.3 around the corner, the next version of Bulletproof SSL and TLS will include more new content and as deeper changes throughout. So this is a good time to take a break, regroup, and start afresh.

In truth, Bulletproof SSL and TLS would have probably had its second edition already had it not been for TLS 1.3. But, even though we felt that there was enough improvement to warrant a new edition, we didn’t feel that we could release one now when TLS 1.3 is so close to completion. Of course, it's another problem that TLS 1.3 has been "almost done" for a long time now!

MY BOOK: If you like this blog post, you will love Bulletproof SSL and TLS. For system administrators, developers, and IT security professionals, this book provides a comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI and will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. It's available now.