TLS Mastery Release, Sponsor Gifts, and Acknowledgements

As if 2020 wasn’t sufficiently rough, I spent it writing about TLS.

Now, I’m done.

TLS Mastery has escaped.

TLS Mastery Beastie Edition
Beastie Edition
TLS Mastery cover
Tux Edition

Transport Layer Security, or TLS, makes ecommerce and online banking possible. It protects your passwords and your privacy. Let’s Encrypt transformed TLS from an expensive tool to a free one. TLS understanding and debugging is an essential sysadmin skill you must have.

TLS Mastery takes you through:

  • How TLS works
  • What TLS provides, and what it doesn’t
  • Wrapping unencrypted connections inside TLS
  • Assessing TLS configurations
  • The Automated Certificate Management Environment (ACME) protocol
  • Using Let’s Encrypt to automatically maintain TLS certificates
  • Online Certificate Status Protocol
  • Certificate Revocation
  • CAA, HSTS, and Certificate Transparency
  • Why you shouldn’t run your own CA, and how to do it anyway
  • and more!

Stop wandering blindly around TLS. Master the protocol with TLS Mastery!

Available in the Beastie Edition and the Tux Edition. The only difference is the cover. Hardcover has both covers.

Get the two-cover hardcover at any of the print bookstores below, or direct from my bookstore.

Get the combined editions at:

Get the Beastie edition at:

Get the Tux edition at:


If you’re a sponsor: your gifts are on order. I have enough on hand for my Patronizers, so I’ll be shipping those first. As soon as yours arrive, I’ll get them to you.

This was a rough book to write, so I want to share the acknowledgements.

TLS is perhaps the most complicated topic I’ve ever written about. Writing this book would have been impossible without outside help.

This book would not exist if the Internet Security Research Group hadn’t deployed ACME and organized Let’s Encrypt. TLS certificates are not only free for most people, their maintenance and renewal is highly automatable. They’ve changed the whole Internet, and deserve our thanks for that.

It doesn’t matter how many RFCs I study and how many technical mailing list archives I read: I lack the expertise and context to best illuminate an arcane topic like TLS. The folks who read this manuscript’s early stages and pointed out my innumerable errors deserve special thanks. James Allen, Xavier Belanger, Trix Farrar, Loganaden Velvindron, Jan-Piet Mens, Mike O’Connor, Fred Schlechter, Grant Taylor, Gordon Tetlow, and Fraser Tweedale, here’s to you.

Lilith Saintcrow convinced me that The Princess Bride could be a useful motif for a serious technology book. This book was written during the 2020 pandemic, so I must also thank The Princess Bride for providing me a desperately needed sense of hope.

Dan Langille gracefully submitted to the pillaging of his blog for useful hints and guidance. I am grateful that JP Mens, Evan Hunt, and John-Mark Gurney provoked him into updating that blog and saving me a bunch of work.

I am unsure if I should profusely thank Bob Beck for his time and patience in revealing the innards of TLS, or profoundly curse him and his spawn unto the seventh generation. I must acknowledge the usefulness of “Happy Bob’s Test CA,” however, so I’ll raise a glass to that while waffling over whether or not the bottle of fair-to-middlin’ wine I owe him should be laced with iocane powder.

For Liz.

Again, to all the tech reviewers and Patronizers and sponsors: thank you. This book would not exist without you.