HTTPS
- HTTPS = HTTP + SSL (Secure Sockets Layer)
[1] HTTP shortcomings
- Communication uses plaintext (not encrypted), so the content may be eavesdropped on
- Does not verify the identity of the communicating parties, so you may encounter impersonation
- Cannot verify message integrity, so you may encounter tampering
[2] TCP/IP may be eavesdropped on
- Eavesdropping: one only needs to collect the data packets (frames) flowing over the Internet (tool: Ethereal)
[3] Encryption to prevent eavesdropping
Communication encryption
- HTTP traffic is encrypted by SSL (Secure Sockets Layer) or TLS (Transport Layer Security).
- Using SSL to establish a secure communication line gives HTTPS (HTTP Secure, Hypertext Transfer Protocol Secure)
Content encryption
Because this does not encrypt the entire communication process, there is still a great risk
[4] Does not verify the identity of the communicating parties
- Anyone can initiate a request, and the server will return a response
- Risks:
(1) The server may be an impersonator
(2) The client may be an impersonator
(3) The origin of a request cannot be determined
(4) It cannot be determined whether the communication partner has access rights
(5) Even meaningless requests are accepted as they come, so DoS attacks made of vast numbers of requests cannot be stopped
Confirming the other party's identity with certificates
- HTTP cannot confirm identity, but SSL can: SSL provides not only encryption but also certificates
- Certificate: issued by a trusted third party and used to identify the client and the server
[5] Unable to verify message integrity
- May encounter a man-in-the-middle (MITM) attack
- SSL provides a digest function
Summary
HTTP's four shortcomings can be resolved by SSL
(1) Unencrypted communication: SSL encryption, to establish a secure channel
(2) No identity verification: solved by SSL's certificates
(3) No integrity verification: solved by SSL's message digest function
[6] HTTPS = HTTP + encryption + authentication + integrity protection
HTTPS is a security technology: http:// -> https://
[7] HTTPS is HTTP wrapped in SSL
- HTTP communicates with SSL first, and SSL in turn communicates with TCP
- SSL is a protocol independent of HTTP; other application-layer protocols can also be combined with SSL
SSL is currently the world's most widely used network security technology
[8] SSL encryption: public-key encryption
- Modern encryption methods:
The encryption algorithm is public
The key is secret
- Both encryption and decryption require the key, so the attacker must not be able to obtain the key
Shared key and public key
- Shared-key encryption: encryption and decryption use the same key, so the key must also be sent to the other party for them to decrypt
- Public-key encryption
Two keys: a public key and a private key
The sender uses the public key
The recipient uses the private key
The keys come as a public/private key pair (in practice there are many pairs); the sender encrypts the information with the public key and also tells the receiver which pair was used, so that the recipient can decrypt with the corresponding private key
Because shared-key encryption has to transmit the key when sending the encrypted information, the key may be intercepted along the way
[9] HTTPS uses a hybrid encryption method
- Shared-key encryption: fast, poor security
- Public-key encryption: slow, safe
- HTTPS: uses public-key encryption during the key-exchange phase, then uses shared-key encryption to exchange messages once communication is established
- Public-key exchange stage: the server holds the private key
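The hybrid scheme in [9], combined with the digest check from [5], as an added Python example that is not part of the original notes. It assumes a toy textbook-RSA key pair built from two fixed Mersenne primes, a SHA-256 counter keystream standing in for a real shared-key cipher, and HMAC as the digest; all function names are hypothetical and the parameters are for illustration only.

```python
import hashlib
import hmac
import secrets

# Assumption: toy server key pair (textbook RSA, no padding) from two fixed
# Mersenne primes. Constructed for illustration; far too weak for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                               # public modulus, published with E
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept by the server


def derive_keys(session_key: bytes):
    """Split the shared session key into an encryption key and a digest key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Shared-key step: XOR with a SHA-256 counter keystream (stand-in cipher)."""
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def client_send(message: bytes, server_public=(N, E)):
    """Client: wrap a fresh session key with the server's public key (slow,
    done once), then protect the message with the shared key (fast)."""
    n, e = server_public
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    enc_key, mac_key = derive_keys(session_key)
    ciphertext = stream_xor(enc_key, message)
    digest = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return wrapped_key, ciphertext, digest


def server_receive(wrapped_key: int, ciphertext: bytes, digest: bytes) -> bytes:
    """Server: recover the session key with the private key, verify the
    digest, and only then decrypt."""
    # A forged wrapped key decrypts to garbage, which the digest check rejects.
    recovered = pow(wrapped_key, D, N) % 2**128
    enc_key, mac_key = derive_keys(recovered.to_bytes(16, "big"))
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(digest, expected):
        raise ValueError("integrity check failed: message altered in transit")
    return stream_xor(enc_key, ciphertext)
```

Only the 16-byte session key passes through the slow public-key step; the message itself uses the fast shared-key path, and any change to the ciphertext or the wrapped key is rejected before decryption.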
Certificates that prove a public key is genuine
How can one be sure that the public key in use is the one the server actually released?
- Use a public key certificate (issued by a digital certificate authority)
EV SSL Certificates
- Prove that the operating company really exists
Client Certificate
- For example, Internet banking uses client certificates: in addition to entering a user ID and password, the user is asked for a client certificate to confirm whether they are accessing online banking from a particular terminal
[10] HTTPS complete communication
[11] Why not always use HTTPS
- Encrypted communication consumes more memory and CPU
- To save the cost of buying a certificate
- HTTPS is used only when sensitive information is involved