Shulou(Shulou.com)06/01 Report--

This article mainly explains how the connection between HTTP and HTTPS is established. The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn how the connection between HTTP and HTTPS is established.

How is the HTTP and HTTPS connection established?

1. Establish a connection

Both HTTP and HTTPS need to transfer data on the basis of establishing a connection, which is a basic operation.

When the customer enters the URL in the browser, the browser will look for the corresponding record in the browser DNS cache, the local DNS cache, and the Hosts. If it does not get it, it will request the DNS service to obtain the corresponding ip.

When the ip is obtained, the tcp connection makes a three-way handshake to establish the connection

2. Tcp's three waves and four waves

Process diagram

3. Three-way handshake (establishing connection)

* times: when establishing a connection, the client sends a SYN packet (syn=j) to the server and enters the SYN_SEND state, waiting for the server to confirm

The second time: the server receives the SYN packet and returns ACK (ack=j+1) to the client. At the same time, it also sends a SYN packet (syn=k), that is, the SYN+ACK packet, and the server enters the SYN_RCVD state.

The third time: the client receives the SYN+ACK packet of the server and sends the confirmation packet ACK (ack=k+1) to the server. After the packet is sent, the client and the server enter the ESTABLISHED state and complete the three-way handshake.

After completing the three-way handshake, the client and the server begin to transfer data, that is, the ESTABLISHED state.

The three-way handshake ensures that invalid connections will not be established, thus wasting resources.

4. Four-way handshake (disconnect)

* times: the TCP client sends a FIN to shut down the data transfer from the client to the server.

The second time: the server receives this FIN, which sends back an ACK, confirming that the serial number is the received serial number plus 1. Like SYN, a FIN will take a sequence number.

The third time: the server closes the client's connection and sends a FIN to the client.

The fourth time: the client sends back an ACK message for confirmation, and sets the confirmation sequence number to receive the sequence number plus 1.

5. HTTP request process

After the connection is established, the client will send a response to the server.

The server accepts the request and sends it to the client in response

The client receives the response and parses the response to the user

HTTPS

When using HTTPS, you need to ensure that the corresponding security certificate is configured correctly on the server side.

The client sends a request to the server

The server returns the public key and certificate to the client

After receiving, the client verifies the security of the certificate. If it is passed, a random number is randomly generated, encrypted with the public key, and sent to the server.

After receiving the encrypted random number, the server will decrypt it with the private key to get the real random number, and then use the random number as the private key to symmetrically encrypt the data to be sent.

After receiving the encrypted data, the client decrypts the data using the private key (that is, the generated random value) and parses the data to present the result to the customer.

SSL encryption establishment

How does HTTPS establish a connection and how is it encrypted?

So how does HTTPS establish a connection, and how do you negotiate an encrypted password? HTTPS, like HTTP, first establishes a TCP connection, but does not immediately issue a request for specific resources, but first discusses the encrypted password with the other party. The process of negotiating an encrypted password is the process of establishing a TSL connection.

In fact, there is no real connection, just a layer of encryption protocol on the newly established TCP connection. But it is also vividly called connection establishment. The specific establishment method is as follows: the customer server sends the server a HELLO package with a list of encryption protocols that I support. After receiving it, the server also sends a HELLO packet to the client, which contains the encryption algorithm selected by the server and its own digital certificate information.

After you get his digital certificate information, you need to go to CA to verify the certificate. If you know the other party's public key after the verification is successful, you should inform the server of our future password for symmetrical encryption. Of course, this password should be encrypted with the public key. Before this message is sent, the client will send a message telling the server that my next message will be encrypted using the encryption protocol you just selected, and the next message will be encrypted, make no mistake. Then send the symmetrically encrypted ciphertext to the server. After receiving it, the server will generate a series of complex encryption algorithms according to the symmetric key. When transmitting to the customer server, the client will send a Finished Message to the server after receiving the message, and the server will also reply a Finished Message after receiving the message. At this time, we finally completed the preparation for encryption, all the encryption methods and keys have been discussed, and we can finally transmit data. At this point, the process of establishing a connection for TSL is over.

At present, the most secure way to protect the website is to deploy SSL certificate for the website. SSL certificate provides us with a more secure, private and healthy Internet environment. SSL certificate encrypts the data in transmission to prevent hackers from stealing or even tampering with data, and protect users' personal information and corporate confidential data.

Thank you for your reading, the above is the content of "how HTTP and HTTPS connections are established". After the study of this article, I believe you have a deeper understanding of how HTTP and HTTPS connections are established, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.