Sophos Techknow - Understanding SSL

Filed Under: Featured, Podcast, Privacy

Welcome to another episode of Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In this episode, entitled Understanding SSL, Paul Ducklin and Chester Wisniewski look into the ecosystem of SSL (Secure Sockets Layer) and TLS (Transaction Layer Security).

SSL is often taken for granted.

To many of us, it's not much more than "the S in HTTPS", or "the padlock in the browser."

But how does it work? Are SSL and TLS the same? Who verifies SSL certificates? How do we know we can trust them? What happens if we realise we can't? What technological glitches do we need to know about?

Duck and Chet discuss all this, and more, in this quarter-hour podcast.

Listen now:

Listen later:

Download Techknow podcast


, , , , , , , , , , ,

You might like

11 Responses to Sophos Techknow - Understanding SSL

  1. Steve Litchfield · 1125 days ago

    Sorry for being thick, but what's the RSS/XML feed for this podcast? I'd like to add it to my podcatcher etc.

  2. Steve Litchfield · 1125 days ago


  3. Lengieng Ing · 1125 days ago

    Is it Ok to say TLS stands for "Transaction Layer Security" rather than what it's originally known as "TRANSPORT Layer Security"?

    • Paul Ducklin · 1125 days ago

      Why call TLS by a name other than its official one? That's just confusing at best :-)

      Thing is, TLS really is about _transport_ layer security (that's "transport" as in the ponderous nine-layer [*] ISO OSI network architecture model). Once you've established a TLS-protected connection, you will probably end up using it for many _transactions_.

      Since it isn't strictly about transaction layer security, I wouldn't call it by that name.

      [*] I am aware that ISO OSI has seven official layers. I like to add two more at the top - above Application comes Political, and above Political comes Religious. Mnemonic aid: "Peter Dives Near The Swimming Pool Attendant, Practising Regularly."

  4. Dave · 1125 days ago

    Is there a transcript?

    • Paul Ducklin · 1125 days ago

      Not yet...I have to do them myself, and I am about as far from a stenographer as possible, so it takes me absolutely ages to get them right...and it's a gorgeous, sunny mid-winter's morning...and it's the weekend...and I want to head off to watch a football match which ought to end in victory for my local team...and it's an away game in Bondi, a short walk from the world-famous beach...and I haven't been to the beach in ages...and it would be a really good day to do some laundry, what with the sun and all...and...I can't think of any more excuses :-)

      No transcript yet. Sorry about that.

  5. Puzzled · 1125 days ago

    So, I have SSL-EV. All is fine green bars etc in Firefox, Opera, and IE. But in Chrome, it tosses out a warning. I have contacted several folks including Verisign and my managing hosting service, but they say all is fine. Any thoughts?

    • Paul Ducklin · 1125 days ago

      Errr...what's the warning? Have you asked around on a Chrome mailing list? Might be a place to start...

    • @JimmyEdge1 · 1122 days ago

      Hi, I work for VeriSign, or Symantec SSL as it is now known, have you contacted our customer support? Let me know where you are based through Twitter and I can get somebody to contact you.

  6. DarkDante · 1124 days ago

    Wow! I was very impressed. This is the first of your podcasts I've listened to. The format of questions and answers as opposed to a discussion provided an excellent guide through the topic. Often, discussions can be rambling and can confuse the listener with confusing structure and tangential excursions. Chester's explanations were wonderful. They were structured, concise, well-phrased, and clear.

    (I do wish I was having as good of luck using the Mac free version of your software. It confounds me by not cleaning up threats that it says it will. Perhaps I will grasp this with time.)

    I am your newest fan and am eager to learn more from you two.

    • Paul Ducklin · 1124 days ago

      Thanks for the kind words. Chester is rather good at explaining things, isn't he :-)

      As far as our free Mac software goes - you might want to take a look at

      Head to the "MacTalk" community - you may find the advice you need.

      As for the Techknow podcast - if there are any topics you'd like to see covered, please email us:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog