The Sorry State of SSL
Offered By: EuroPython Conference via YouTube
Course Description
Overview
Explore the complexities and vulnerabilities of SSL/TLS in this 45-minute EuroPython Conference talk. Gain a comprehensive understanding of how SSL and TLS function, their current limitations, and best practices for securing data in motion. Learn about server and client-side responsibilities for optimal security, Python alternatives for TLS implementation, crucial server configuration considerations, and potential external threats. Discover common pitfalls in TLS usage and deployment, and acquire practical strategies to enhance transport layer security in your applications. Equip yourself with the knowledge to critically assess personal and application security in an era of mass surveillance and cybercrime.
Syllabus
Intro
ONLY LINK
TIMELINE
CERTIFICATES
DISABLE
CIPHER: MODE
ENCRYPTION: PREFER THIS
ENCRYPTION: FALL BACK TO
ENCRYPTION: DANGEROUS
KEY EXCHANGE
INTEGRITY: MACs
PROTOCOLS
CIPHER SUITES
VERIFY THE CERTIFICATE!
SYSTEM CA
DON'T VERIFY TRUST CHAIN
DON'T VERIFY HOSTNAME
SET SOME OPTIONS
FUNDAMENTAL MISCONCEPTIONS
VPN?
CERTIFICATE WARNINGS
TRUST ISSUES
Rule of Thumb
STANDARD LIBRARY
PYOPENSSL
CRYPTOGRAPHY.IO
HOSTNAME VERIFICATION
SERVERS
CLIENTS
SUMMARY
IMPLEMENTATIONS
USERS
HOPE
Taught by
EuroPython Conference