Shulou(Shulou.com)06/02 Report--

This article introduces the principle of HTTPS protocol and its difference with HTTP protocol. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

What is the HTTPS protocol?

Https protocol has one more s than http protocol, which literally means s=secure. Like http protocol, it is an application layer protocol and works on top of TCP protocol.

It's just that the data of https protocol is encrypted in the process of transmission. In essence, the HTTPS protocol adds a layer of SSL protocol to the TCP protocol to achieve the encryption operation (not exactly HTTPS is the HTTP protocol under the guise of SSL)

The difference between 2HTTPS and HTTP

The HTTP protocol works on port 80, and the HTTPS protocol works on port 443.

HTTPS needs to apply for a certificate (used to verify server identity)

HTTP can start to transmit data after the TCP three-way handshake establishes the connection; HTTPS protocol requires that the client and the server encrypt the SSL after the establishment of the TCP connection, determine the conversation key, and then begin to transmit data after the encryption is completed.

HTTPS protocol transmission is ciphertext, HTTP protocol transmission is plaintext

The general difference is on the above four points, in fact, the most important thing is the process of generating the conversation key by encrypting the conversation with SSL protocol.

Before you know the specific SSL protocol, you need to understand two encryption concepts.

3 symmetrical encryption

The same key can be used for both encryption and decryption of information. This encryption method is called symmetric encryption, also known as shared key encryption. This method has a problem in the network transmission, that is, how to safely deliver the key to the other party, because the http protocol is plaintext transmission (https protocol is plaintext transmission when establishing ssl encryption), so the key is easily intercepted by monitoring, thus losing the meaning of the key itself.

Public key encryption

Suppose the user is the server, and the server has two keys, one is the private key (you can only read it quietly, which can be compared to the key), and the other is the public key (whichever you look at can be compared to the lock). The server sends the public key to the client, which uses the public key to encrypt the information to be sent, and then sends it to the server (locking the data in the box with a lock). Because the information is encrypted through the public key of the server, only the server can use its own private key to parse (open the lock with the key to get information). Because the private key is kept in the server all the time, and only the private key can parse the content of public key encryption, so the secure transmission of data is realized by this method.

However, because it is necessary to use the private key to parse the public key every time in order to obtain the data, if the public key is very long, the amount of computation will be very large, which will occupy the performance of CPU, thus increasing the network delay.

HTTPS protocol uses these two ways at the same time, that is, a conversation key is generated by public key encryption, and the data is transmitted by symmetrically encrypting the conversation key.

SSL protocol

The client sends a request to the server that contains

Compression methods supported by encryption methods supported by random numbers generated by clients of supported SSL protocol versions (the first random number)

The server receives the client request and sends a response to the client

Responses include

Confirm the random number produced by the protocol version server (the second random number) to determine the encrypted method server's certificate (the server's public key is in it)

The client receives the request and verifies the certificate (verify the issuer of the certificate, whether the domain name in the certificate is consistent with the actual domain name, whether the certificate expires, if not, the browser will display a warning), and if it passes the verification, the client will send a response.

Requests include

The client generates a random number, and the random number is encrypted through the server's public key (the third random number) encodes a change notification (indicating that subsequent communications will communicate through a mutually agreed encryption algorithm) the client handshake end notification, indicates that the client's handshake phase is over. This item is also the hash value of all the previously sent content, which is used for verification by the server.

The server returned a response

Code change notification (indicating that subsequent communications will communicate through a mutually agreed encryption algorithm) the server handshake end notification, indicating that the server handshake phase has ended. This item is also the hash value of all the previously sent content, which is used for client verification.

The encryption process of the whole SSL protocol is roughly like this, and the process of encrypting the conversation is transmitted in clear text (because the HTTPS has not been built yet).

The core of the whole encryption process is the three random numbers generated by the client and the server, which are used to generate the encryption key for subsequent data transmission. From the above process, we can see that these three random numbers can not be stolen, but because the third random number uses the server's public key for encrypted transmission, in theory, only the server's private key can be used to parse the third random number. Therefore, the conversation private key generated by these three random numbers is secure, and the subsequent data transmission will use this dialogue private key for encryption (symmetrical encryption), thus ensuring the security of transmission and the efficiency of data transmission.

About the principle of the HTTPS protocol and what is the difference between the HTTP protocol and share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.