
Second edition of Bulletproof SSL and TLS now in preview

November 01, 2020

I am happy to announce that the second edition of Bulletproof SSL and TLS is now available in preview. As I write this, it’s November 2020 and roughly six years since we released the first edition. I am happy to say that things have worked out approximately how I thought they would. The first edition came out in 2014, but immediately in 2015 we released another version to keep up with the developments, and then a full revision followed in 2017. In 2018, the long-awaited TLS 1.3 protocol came out, making a big impact on the ecosystem. As a result, I started to plan the second edition, which needed to be a major rewrite. The trick was to begin writing when the support for this new protocol is stable across a range of technologies, so that the book is not obsolete the moment it comes out. And here we are.

At this point, the key parts of the book have been written or rewritten. There is obviously one entirely new chapter to cover TLS 1.3. The two OpenSSL chapters have seen so many changes that little text remains unchanged. (This is largely because Matt Caswell, a member of the core OpenSSL team, joined me as technical reviewer. His insights have spurred me to write more than planned.) I have also replaced the deployment chapter from the first edition with a brand new configuration chapter that is better structured and touches on everything you need to know to set up everything just right.

Some things have been removed. The chapters dealing with the Apache web server, Java, Microsoft technologies, and Nginx are now gone. When I originally started to write this book, I thought I would write about 250 pages, but the end result was closer to 600. On the one hand, there are so many details to convey, but, on the other, no one wants to read a big book. The new edition had to increase the number of pages further, but I took a decision to remove some parts that I felt were not fully connected to the main body of content.

Although there still remain several chapters to go through, I feel that the remaining changes will fall in the supporting category. The bulk of the material is already here and ready for you to enjoy. I continue with the remaining work and will publish the second edition when it’s ready.
