[T3] Deep dive into today’s SSL/TLS
by Pascal Junod (@cryptopathe)

Author: Pascal Junod (@cryptopathe)
Language: French or English
Number of participants: 6 to 18
Price: 750.- CHF
Date and time: Nov. 1 - 8:00-17:30

Content:

This training is shaped as a one-day training around (mostly) practical aspects of the SSL/TLS protocol. As of today, SSL/TLS is securing a vast majority of Internet communications, like web, email, VPNs, etc. During the last years, SSL/TLS has known several cases of headlines in the news, being in terms of attacks (Heartbleed, Poodle, BEAST, etc.) or initiatives around it (Letsencrypt, etc.).

The goal of this training is to bring fresh and clear technical information about the current state of affairs for the SSL/TLS protocol, including recent attacks, best configuration practices, the deployment of recent extensions, TLS 1.3, the status of its implementations in various programming languages and current initiatives around it. At the end of the day, the participants should have a clear idea on how is functioning SSL/TLS, how to deploy it in a secure way according to the state of the art and, last but not least, how to test a configuration.

Table of content:

  1. Past and Future of SSL/TLS
  2. Design of the Different Flavours of SSL/TLS
  3. Known Attacks against SSL/TLS
  4. Best Configuration Practices
  5. Useful Protocol Extensions
  6. Configuration Testing

Audience type:

This training targets everybody that is operating SSL/TLS in some way with a good technical background, including software engineers, system administrators, security engineers and officers, etc. The training will be clearly oriented towards practical and technical aspects.

Requirement:

Each participant should bring a laptop.

Price:

750.- CHF

Trainer:

Pascal Junod is a professor at HEIG-VD, an engineering school part of the University of Applied Sciences Western Switzerland (HES-SO). Besides teaching several topics of computer security to engineering students, he provides consulting services and lead several R&D projects in the area of industrial cryptography, software protection and information security.
In the past, Pascal has been working as a teaching and research assistant at the Swiss Federal Institute of Technology in Lausanne (EPFL), in the Security and Cryptography Laboratory, as well as a cryptographer for the Kudelski Group, world leader in the Pay-TV industry. He is also a co-founder of the startup strong.codes SA, active in the domain of software protection.
His main scientific interests are related to industrial cryptography and cryptanalysis, software protection, software security and ethical hacking.