-carry out security attack (could be any attack like man in the middle) on ssl and TLS(OpenSSL) communication. produce findings.
then implement some more protection and carry out the same attack and reveal the findings showing that the protection prevented the attack.
-you could use any tool or method or any implementation of TLS like OpenSSL or any other.
-need a very brief description of the configuration and audit/findings, just few lines