Day 1: SSL/TLS History and Threat Model Day 2: Symmetric Cryptography in TLS Day 3: Asymmetric Cryptography in TLS Day 4: Hash Functions, HMAC, and HKDF Day 5: PKI Concepts Overview Day 6: RFC 8446 §1–3 and the Record Layer Day 7: Challenge Day — TLS Connection Inspector
Day 8: ClientHello Deep Dive Day 9: ServerHello, KeyShare, and HelloRetryRequest Day 10: The TLS 1.3 Key Schedule Day 11: Certificate, CertificateVerify, and Finished Day 12: Session Resumption and PSK Day 13: 0-RTT Early Data Day 14: Challenge Day — Annotated Wireshark Capture
Day 15: mTLS — Client Certificate Authentication Day 16: Record Layer — Encryption, Nonces, and Padding Day 17: Alert Protocol and Error Handling Day 18: TLS Extensions — SNI, ALPN, supported_groups Day 19: OCSP Stapling and the status_request Extension Day 20: TLS 1.3 vs 1.2 — What Changed and Why Day 21: Challenge Day — mTLS Echo Server in Rust
Day 22: ASN.1 and DER Encoding Day 23: X.509 Certificate Structure — TBSCertificate Day 24: Core Extensions — BasicConstraints, KeyUsage, EKU Day 25: SANs, AKI, SKI, and pathLenConstraint Day 26: Certificate Chain Validation — RFC 5280 §6 Day 27: CRL Structure and Distribution Day 28: OCSP Protocol — Requests, Responses, Delegated Responders
Day 29: CA Hierarchy Design Day 30: Certificate Transparency Day 31: Certificate Lifecycle — CSR, Issuance, Renewal, ACME Day 32: Debugging Certificates Day 33: Rust X.509 Tooling — rcgen, x509-parser, rustls internals Day 34: Final Challenge — TLS Inspector CLI