6 Transport Layer Security
This chapter covers
- Resisting man-in-the-middle attacks
- Understanding the Transport Layer Security handshake
- Building, configuring, and running a Django web application
- Installing a public key certificate with Gunicorn
- Securing HTTP, email, and database traffic with Transport Layer Security
In the previous chapters I introduced you to cryptography. You learned about hashing, encryption, and digital signatures. In this chapter you’ll learn how to use Transport Layer Security (TLS), a ubiquitous secure networking protocol. This protocol is an application of data integrity, data authentication, confidentiality, and non-repudiation. After reading this chapter you’ll understand how the TLS handshake and public key certificates work. You’ll also learn how to generate and configure a Django web application. Finally, you’ll learn how to secure email and database traffic with TLS.
Before we dive into this subject, I’m going to establish some vocabulary terms. Some programmers use the terms SSL, TLS, and HTTPS interchangeably, even though these terms mean different things. The Secure Sockets Layer (SSL) protocol is the insecure predecessor of TLS. The latest version of SSL is more than 20 years old. Over time, a number of vulnerabilities have been discovered in this protocol. In 2015, the Internet Engineering Task Force deprecated it (https://tools.ietf.org/html/rfc7568). TLS supersedes SSL with better security and performance.