Make a submission

Submissions are closed for this project

PyCon, the gathering for the community using and developing the open-source Python programming language. This is the second year of the PyCon Pune where the community will meet for two days of talks and working on upstream projects in two days of dev sprint. CFP ends on 15th September AoE.


Note to submitters: The talks will be selected by a team. We will not count the public votes.

Hosted by

PyCon Pune 2017 more

Christian Heimes


Gentle introduction to TLS, PKI, and Python's ssl module

Submitted Sep 16, 2017

TLS/SSL is the most important and widely-used protocol for secure and encrypted communication. I’m going to introduce you to TLS 1.2 and 1.3, cryptographic building blocks, best-practice configuration, certificates, and public key infrastructure using Python’s ssl module


TLS is an ubiquitous protocol for secure communication. It’s used in HTTPS, email (IMAP, POP3, SMTP), LDAP, FTP, and more. Some recent protocols like HTTP/2 are not defined for unencrypted channels. TLS offers more than just encryption with symmetric cryptography. It also ensures data integrity and strong authentication with the help of X.509 certificates and public key infrastructure (PKI).

Did you ever wonder what’s the difference between SSL, TLS, and StartTLS? Or what is the meaning of cryptic terms and names like Server Name Indication, Subject Alternative Name, OCSP or TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384? What is perfect forward secrecy and why is it so important for privacy? Does HTTPS make my website slow? What is the difference between a root CA, intermediate CA and end-entity certificate? The talk will give you answer these questions. It covers a quick introduction to the cryptographic building blocks, the TLS handshake, cipher suites, structure of certificates and what is going to change with TLS 1.3. You’ll also learn best practices for TLS configuration and how to use Python’s ssl module.

Some prior knowledge of cryptography and networking basics are helpful but not required to follow this talk.

Speaker bio

Christian is a long time Python developer from Hamburg/Germany. In the past he has contributed to several Open Source projects such as the CPython interpreter. In the past years he has helped to keep Python secure, for example as member of the Python security response team, secure hashing (PEP 456) and improvements of Python’s TLS/SSL module. Nowadays he is employed by Red Hat and works OpenShift container security and FreeIPA identity management.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}