Shulou(Shulou.com)06/02 Report--

HTTPS, also known as HTTP over TLS. The predecessor of TLS is SSL. HTTPS adds another layer of module to HTTP to deal with encrypted information. The information transmission between the server and the client is encrypted through TLS, so the transmitted data is encrypted.

Compared with the HTTP protocol, HTTPS provides

Data integrity: content transmission has been verified for integrity

Data privacy: the content is symmetrically encrypted, and each connection generates a unique encryption key

Authentication: a third party cannot forge the identity of the server (client)

1. The client initiates a HTTPS request

There is nothing to say about this, except that the user enters a https URL in the browser and connects to port 443 of server.

two。 Server configuration

Servers using HTTPS must have a set of digital certificates, which can be made by themselves or applied to the organization. The difference is that self-issued certificates need to be verified by the client before they can continue to be accessed, while certificates applied for by trusted companies do not pop up the prompt page (startssl is a good choice, with a 1-year free service). This set of certificates is actually a pair of public and private keys. If you don't quite understand the public key and private key, you can think of it as a key and a lock, but you are the only one in the world who has this key. You can give the lock to someone else, and others can use this lock to lock up the important things and then send them to you. Because only you have this key, only you can see what is locked by this lock.

3. Transfer certificate

This certificate is actually a public key, but contains a lot of information, such as the issuing authority of the certificate, the expiration time, and so on.

4. Client resolution certificate

This part of the work is done by the client's TLS, which will first verify whether the public key is valid, such as the issuing authority, expiration time, and so on. If an exception is found, an alarm box will pop up to indicate that there is a problem with the certificate. If there is nothing wrong with the certificate, a random value is generated. The random value is then encrypted with a certificate. As mentioned above, lock the random values with a lock so that you can't see the locked content unless there is a key.

5. Transmit encrypted information

What this part transmits is the random value encrypted with the certificate, the purpose is to let the server get this random value, and then the communication between the client and the server can be encrypted and decrypted through this random value.

6. Service segment decrypts information

After decrypting with the private key, the server obtains the random value (private key) transmitted by the client, and then encrypts the content symmetrically through this value. The so-called symmetric encryption is that the information and the private key are mixed together through a certain algorithm, so that the content cannot be obtained unless the private key is known, and both the client and the server know the private key, so as long as the encryption algorithm is tough enough and the private key is complex enough, the data is secure enough.

7. Transmit encrypted information

This part of the information is encrypted by the service segment with a private key and can be restored on the client side.

8. Client decrypts information

The client decrypts the information sent by the service segment with the previously generated private key, and then obtains the encrypted content. Throughout the process, even if the third party overheard the data, there was nothing they could do about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.