
Bulletproof TLS and PKI, Second Edition is out

February 16, 2022

It took a couple of years, but I am happy to report that my book Bulletproof TLS and PKI is now out and available in both digital and print. Although the title is slightly different this time, the new release is the second edition of my earlier work—Bulletproof SSL and TLS—which came out in 2014. The second edition has less SSL and more TLS, as it should be.

When I started writing this book in 2010, I not only wanted to produce a comprehensive and practical resource for anyone looking to successfully use TLS and PKI in production, but also aimed to keep the material up to date over the years. I’ve now spent more than a decade either writing or updating my book, and I am happy that I’ve achieved my dream of continuous writing and publishing.

It took a lot of work. First, there’s the writing. Updating the manuscript continuously takes more time, because you have to constantly write and then rewrite and rewrite again. This is especially challenging in the security space, where things change fairly quickly. Then, there’s the publishing. With no publishers out there interested in pursuing continuous publishing, we also had to take book production upon ourselves. That consisted of doing the traditional parts of the process, but also the continuous automated workflow, which was necessary to support frequent updates.

Although I am very happy with the result, some parts of the journey were quite challenging. Once we had the automation in place, making changes became easy. To release a new version, all I needed to do was make the changes to the manuscript. With printing on demand, we didn’t have to worry about inventory, which enabled us to update the book “in place” (updating the print PDFs without making a new edition) several times, including one comprehensive revision in 2017.

The release of TLS 1.3 in 2018 made it impossible to continue to update the book incrementally. First, there was a new standard to cover. Then, we had to wait for the ecosystem to catch up and new versions of libraries and software to be released. Then they needed to mature. A completely new edition was needed. That edition should have come out in 2020, but my commitments at Hardenize slowed things down and added about a year to the schedule.

My favourite part of writing a release blog post is showing exactly what changed since the previous version. We can do this because our manuscript is based on DocBook XML. That enables us to compare one XML version from the past with the most recent XML document and highlight the differences. For this we use a tool called DocBook Compare, from a company called DeltaXML.

The end result is an HTML version of the book, which we actually make available to all our readers. The table of contents shows the book chapters, with a special diff bar under each name. We use grey to indicate no changes, green for new content, and red for deleted content. Inside each chapter we show the exact changes. For our readers, this is not only interesting, but useful. If you’re coming from the first edition, you can now see exactly what changed in the second release.

I wrote about our tooling when the 2017 revision came out and it’s perhaps interesting to compare that diff to the current one. The first obvious difference is that there are two new chapters, represented with an all-green diff bar. There are also three largely stable chapters, whose diff bars are mostly grey. The remaining seven chapters are mostly a combination of green and red, which indicates heavy rewriting.

I hope you've found this story about what happens behind the scenes interesting. Until next time.

MY BOOK: If you like this blog post, you will love Bulletproof TLS and PKI. For system administrators, developers, and IT security professionals, this book provides comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI and will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. It's available now.