SSL has taken many hits over the past ye ar. From the MD5 rogue certificate creat ion to SSL Strip, it seems that SSL shou ld be dead and gone. However, SSL is sti ll one of the fundamental security patte rns used to protect data in transit. Unf ortunately, SSL is widely misunderstood. It's time to take a breath and make sur e everyone knows what we are really doin g when we implement SSL. This will be an advanced talk that will focus on unders tanding the entire lifecycle of SSL. How does it work, what are the weaknesses a nd what's going on with the recent SSL a ttacks? We will address issues such as: How does SSL really work? Is redirecting from HTTP to HTTPS safe? Does the landi ng page need to be SSL? How bad are thos e browser warnings? What tools are avail able and how do I test my server's SSL c onfiguration? Should I be concerned abou t the MD5 rogue certificate or SSL strip ? These questions and more will be answe red. This presentation will not be a bas ic intro to SSL talk. This will be 45 mi nutes of drinking from the SSL security fire hose. It is intended for security a udiences already familiar with the basic s of SSL and encryption. Michael Coates is the lead Web Security Engineer for Mozilla with the responsibi lity of protecting all of Mozilla's web applications. Prior to Mozilla, Michael spent many years in consulting and perf ormed penetration assessments, security code reviews, and security training sess ions for leading corporations worldwide. Michael is a contributor to the OWASP T op 10, creator of the OWASP TLS Cheat Sh eet and the OWASP AppSensor project and holds a Masters Degree in Computer Secur ity from DePaul University.