Shulou(Shulou.com)06/01 Report--

What this article shares with you is the example analysis of HTTP and HTTPS. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Background: as more and more mainstream websites have used HTTPS as a server-side developer

You must understand the advantages and disadvantages of HTTPS.

There may be some problems such as information eavesdropping or identity camouflage in HTTP protocol, and the use of HTTPS communication mechanism can effectively prevent these problems.

First, the shortcomings of HTTP:

1. Communication uses plaintext not to encrypt data (content is easy to eavesdrop)

two。 Do not verify the identity of the communicating party (easily camouflaged)

3. Unable to determine message integrity (content can be easily tampered with)

2. HTTPS introduction:

What is HTTPS: HTTP used in combination with SSL (secure Sockets layer) is called HTTPS (HTTP Secure, Hypertext transfer Security Protocol).

Encryption processing to prevent eavesdropping: communication encryption. HTTP protocol is used in combination with SSL to encrypt the communication content of HTTP. After establishing a secure communication line with SSL, you can communicate on this line.

HTTP + encryption + authentication + integrity protection = HTTPS

After using https, the URL:

When using the http protocol, HTTP communicates directly with TCP. When using SSL, it needs to communicate with SSL first, and then by SSL and TCP.

3. SSL introduction:

Understand the encryption method before introducing SSL

There are two main encryption methods: one is shared key encryption (symmetric key encryption), the other is public key encryption (asymmetric key encryption).

1. Shared key encryption: encryption and decryption use the same key

In other words, while encrypting, the key will also be sent to the other party. The key may be stolen in the process of sending the key, so how to solve this problem? The solution to this problem, look back.

2. Public key (asymmetric key)

The public key uses a pair of asymmetric keys. One is called the private key, the other is called the public key, the private key is not known to anyone, and the public key is sent at will.

In other words, the sending party uses the other party's public key to encrypt, and after receiving the message, the other party uses the private key to decrypt it. It is difficult to restore information without using a private key.

III. Hybrid encryption mechanism

HTTPS uses a mixture of shared key encryption and public key encryption, both of which have their own advantages. Shared key encryption processing speed is fast, but the key can not be safely sent to each other; public key encryption processing speed is slow, but the key can be safely exchanged.

But if we use the two encryption methods together, the two encryption methods can complement each other. In other words, the public key encryption method is used to securely exchange the key to be used in the shared key encryption, and the shared key encryption method is used to communicate on the premise of ensuring the security of the key.

Use a certificate to prove the correctness of the public key

How to prove that the received public key is the key that was originally expected to be issued by that server. Perhaps the real public key has been replaced in transit.

In order to solve the problem of this song, there can be public key certificates issued by digital certificate certification authorities and related institutions, so that we can determine whether the public key is correct.

The above is the example analysis of HTTP and HTTPS. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.