How TLS secures Data in Motion
TLS 1.3 Latest, including AEAD protocols like AES256-GCM and CHACHA20-POLY1305
TLS 1.2 Latest
Issues in TLS 1.2 that have been fixed in TLS 1.3
How to use Let’s Encrypt and the Certbot ACME client for automatic certificate renewal
How to correctly configure TLS 1.2 and TLS 1.3 on NGINX
Certificate Revocation and how to set up Certificate Revocation on NGINX
Wildcard and SAN certificates
Certificate Formats and Converting between Certificate Formats
Immerse yourself in a comprehensive exploration of data security in motion through our meticulously crafted animated course, focusing on the implementation of TLS 1.3 and TLS 1.2.
The course begins with a foundational understanding of cybersecurity’s cornerstones: Confidentiality, Integrity, Authenticity, and Non-Repudiation. It then meticulously examines essential concepts such as Hashing, Signing, Symmetric and Asymmetric encryption, and the intricate domain of Public Key Infrastructure (PKI).
A deep dive into TLS version 1.3 follows, elucidating its mechanisms for key generation and exchange, and the sophisticated AEAD protocols CHACHA20-POLY1305 and AES256-GCM.
Moving forward, we scrutinise TLS version 1.2, carefully contrasting its features with TLS 1.3, highlighting the latter’s distinct advantages.
Practical application takes centre stage as you learn to configure your NGINX web server seamlessly with TLS 1.2 and TLS 1.3. Additionally, the course covers the intricate process of certificate revocation and its implementation on NGINX.
The exploration concludes with a detailed examination of certificate types and formats. The predominantly animated course format ensures an engaging yet thorough learning experience, integrating theoretical content with practical demonstrations and packet captures for an in-depth comprehension.
Join us on this educational journey, where each module is meticulously crafted to provide a profound understanding of secure data transmission. I look forward to guiding you through this learning experience. Enroll today to fortify your expertise in cybersecurity.
Welcome to Modern TLS Bootcamp
Course Content
Introduction to Cryptography
Section Topics
Data & Cryptography
Confidentiality & Encryption
Integrity & Digital Signing
Test your knowledge
Authenticity & Digital Certificates Introduction
The Concept of Authenticity & Digital Certificates
PKI Terms & Definitions
Certificate Signing Process
PKI & Certificate Authentication
Demo: Trusted CAs root certificates stores on Windows & Mac OS
PKI – The Need for Intermediate Certificates
Demo: The Certificate Trust Chain Shown in a Browser & using a Packet Capture
Authority vs Non-Authority Certificates
Demo: Showing Certificate Fields in a Browser & using a Packet Capture
Static Key Pair & CSR Generation using RSA
Demo: Static Key Pair & CSR Generation using RSA
Static Key Pair & CSR Generation using ECDSA
Demo: Static Key Pair & CSR Generation using ECDSA
The ECDSA Public Key
Comparison between ECDSA & RSA
Test your knowledge
Non-Repudiation
Bringing Cryptography Concepts together
Exploring TLS 1.3
Section Topics
What is TLS 1.3
TLS 1.3 Session Stages
TLS 1.3 Session Setup Stage Topics
Exchanging Cipher Suites During TLS 1.3 Handshake
Demo: TLS Version & Cipher Suite Agreements in a Packet Capture
Cipher Suite Agreement
Ephemeral Keys Generation in TLS 1.3
Demo: Ephemeral Keys Generation & Certificate Verify Message in a Packet Capture
Cipher Suites Supported by TLS 1.3
TLS 1.3 Session Key Generation using ECDHE
Initialisation Vector Generation using ECDHE
Test your knowledge
TLS 1.3 Encrypted Data Flow Stage
TLS 1.3 & The Use of AEAD
HMAC
AEAD Cipher Modes
The Use of XOR Operation in Encryption
CHACHA20_POLY1305 & Message Encryption
AES256_GCM & Message Encryption
CHACHA20_POLY1305 or GCM, When to Use Which
Replay Attack Prevention Using Additional Data in AEAD
Demo: Showing the Message Authentication TAG in a Packet Capture
Test your knowledge
Exploring TLS 1.2
Section Topics
TLS 1.2 Session Stages
Session Setup Stage – Topics
TLS 1.2 Session Setup Stage
Demo: TLS Version & Cipher Suite Agreements in a Packet Capture
Ephemeral Keys Generation & Key Signing in TLS 1.2
Demo: Ephemeral Keys & Signed Server’s Public Ephemeral Key in a Packet Capture
Cipher Suites Supported by TLS 1.2
TLS 1.2 Session Key Generation using ECDHE
TLS 1.2 Encrypted Data Flow Stage
Test your knowledge
Issues in TLS 1.2, Fixed in TLS 1.3
Section Topics
Faster Key Exchange in TLS 1.3
PFS & The Discontinuation of RSA Support
LogJam Attack in TLS 1.2
Prevention of LogJam Attack in TLS 1.3
TLS 1.3 is Ready for Implementing Quantum Computer Security
Test your knowledge
Taking a Decrypted TLS Session Packet Capture
Taking a Decrypted Packet Capture in Mac OS
Demo: Taking a Decrypted Packet Capture in Mac OS
Taking a Decrypted Packet Capture in Windows
Demo: Taking a Decrypted Packet Capture in Windows
Automatic PKI Management with Let’s Encrypt CA
NGINX Web Server, Let’s Encrypt CA & The Certbot ACME Client
Automatic Certificate Renewal on NGINX with Let’s Encrypt CA
Firewall Rules for Certbot & NGINX Functionality
Demo: NGINX Configuration with recommended TLS 1.3 and 1.2 Cipher Suites
Test your knowledge
Certificate Revocation
Server Certificate Revocation Overview
Demo: CRL Distribution Point and OCSP Responder URLs in the Server Certificate
Server Checking OCSP Responder
OCSP Stapling with NGINX
Demo: OCSP Stapling with NGINX, both for TLS 1.3 and TLS 1.2
Certificate Revocation with Let’s Encrypt CA & Certbot ACME Client
Demo: Renew a certificate, then revoke the old one in NGINX
Test your knowledge
Wildcard & SAN Certificates
Wildcard Certificates
SAN Certificates
Demo: SAN Certificate Generation on NGINX with Let’s Encrypt CA and Certbot
Test your knowledge
Certificates’ Formats
Digital Certificates’ Formats
Commands to Convert Certificate Formats
Course wrap up
Instructor Message