Keep Your Secrets Secret – TLS for Java developers

Hackers, spies and Sofia never sleep. It became a custom that network communication is protected by a TLS protocol. TLS provides data confidentiality, integrity and authenticity.The TLS is not just great, it's also complex with a bunch of extensions. It's not hard to use it in the wrong way and stay vulnerable against different types of attacks. What happens when your certificates expire? Do you validate hostnames? Which certificate authorities are trusted in your setup?Let's look together what support Java runtime provides out-of-the-box and what developers have to handle manually. The presentation will cover the performance consequences of using TLS and how the certificate validation works. We will also talk about the common implementation flaws and TLS communication debugging.After the talk, attendees will be able to identify issues in their TLS usage and fix them.Slides