[Illustrated HTTP] HTTPS - securing the Web

HTTPS

  • HTTPS = HTTP + SSL (Secure Sockets Layer)

[1] HTTP shortcomings

  • Communication is in plaintext (not encrypted), so the content may be eavesdropped on
  • The identity of the communicating parties is not verified, so impersonation is possible
  • Message integrity cannot be verified, so the content may be tampered with

[2] TCP/IP traffic can be eavesdropped on

  • Eavesdropping only requires capturing the data packets (frames) that flow over the Internet, for example with Ethereal

[3] Encryption prevents eavesdropping

Communication Encryption

  • HTTP traffic is encrypted by using SSL (Secure Sockets Layer) or TLS (Transport Layer Security).
  • HTTP carried over a secure channel established with SSL is called HTTPS (HTTP Secure, Hypertext Transfer Protocol Secure)

Content encryption

Because this does not encrypt the entire communication, there is still a great risk.

[4] The identity of the communicating party is not verified

  • Anyone can initiate a request, and the server will return a response
  • Risks:

(1) The server may be impersonated
(2) The client may be impersonated
(3) The origin of a request cannot be determined
(4) It cannot be determined whether the communicating party has access rights
(5) Even meaningless requests are accepted as they come, so DoS attacks made up of vast numbers of requests cannot be stopped

Verifying the other party's certificate to confirm identity

  • The HTTP protocol cannot confirm identity, but SSL can: SSL provides not only encryption but also certificates
  • Certificate: issued by a trusted third party and used to prove the identity of the client and the server
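
An added example (not from the original notes) of the client-side half of this point: a certificate proves identity only if the client actually verifies it. It uses Python's standard `ssl` module; the function names and the weak context are constructed for illustration.

```python
import ssl

def verifying_client_context() -> ssl.SSLContext:
    """Client context that requires a certificate chained to a trusted CA
    and bound to the hostname being contacted."""
    return ssl.create_default_context()   # loads the system trust store

def weak_client_context() -> ssl.SSLContext:
    """Constructed misconfiguration: encryption stays on, identity checks are off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def identity_findings(ctx: ssl.SSLContext) -> list:
    """Report settings that leave the peer's identity unverified."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not required: an impersonating server is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate issued for another name is accepted")
    return findings

if __name__ == "__main__":
    for label, ctx in (("verifying", verifying_client_context()),
                       ("weak", weak_client_context())):
        print(label, identity_findings(ctx) or "identity is verified")
```

A context that reports findings still encrypts the traffic, but it encrypts it to whoever answers, which is the impersonation risk listed in (1).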

[5] Unable to verify message integrity

  • Messages may be subject to a man-in-the-middle attack (MITM)
  • SSL provides a digest function
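
An added example, not from the original notes, of why the digest has to be keyed: an on-path party can recompute a plain hash after altering a message, but not an HMAC computed with the session's shared key. The message, the function names and the sequence-number framing are constructed for illustration and simplify what SSL/TLS does per record.

```python
import hashlib
import hmac

def plain_digest(msg: bytes) -> bytes:
    """Unkeyed digest: anyone who can read the message can recompute it."""
    return hashlib.sha256(msg).digest()

def keyed_digest(key: bytes, seq: int, msg: bytes) -> bytes:
    """HMAC over a record sequence number plus the message, under the shared key."""
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()

def verify_plain(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_digest(msg), tag)

def verify_keyed(key: bytes, seq: int, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_digest(key, seq, msg), tag)

def modify_in_transit(msg: bytes) -> tuple:
    """Constructed on-path change: alter the body, then recompute the only
    digest that needs no secret."""
    altered = msg.replace(b"amount=10", b"amount=9000")
    return altered, plain_digest(altered)

def demo() -> dict:
    key = bytes(range(32))                        # constructed session key
    msg = b"POST /transfer to=alice&amount=10"    # constructed message
    altered, forged_tag = modify_in_transit(msg)
    tag = keyed_digest(key, 1, msg)
    return {
        "plain_digest_accepts_altered": verify_plain(altered, forged_tag),
        "hmac_accepts_original": verify_keyed(key, 1, msg, tag),
        "hmac_accepts_altered": verify_keyed(key, 1, altered, forged_tag),
        "hmac_accepts_replay_as_record_2": verify_keyed(key, 2, msg, tag),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```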

Summary

HTTP four shortcomings can be resolved by SSL

(1) Unencrypted communication -- SSL encryption establishes a secure channel
(2) No identity verification -- solved by SSL certificates
(3) No message integrity check -- solved by the SSL digest function

[6] HTTPS = HTTP + encryption + authentication + integrity protection

HTTPS is a security technology: http:// --> https://

[7] HTTPS is HTTP wrapped in SSL

  • HTTP first communicates with SSL, and SSL then communicates with TCP
  • SSL is a protocol that exists independently of HTTP; other application-layer protocols can also be combined with SSL

SSL is currently the world's most widely used network security technology

[8] SSL encryption - public-key encryption

  • Modern encryption methods:

The encryption algorithm is public
The key is secret

  • Both encryption and decryption require the key, so an attacker must not be able to obtain it

Shared key and public key

  • Shared-key encryption: encryption and decryption use the same key, so the key must also be sent to the other party before they can decrypt
  • Public-key encryption

Two keys: a public key and a private key
The sender uses the public key
The recipient uses the private key
A key pair consists of a public key and a private key (in practice there are many pairs). The sender encrypts the information with the public key and also tells the recipient which pair was used, so that the recipient can decrypt with the corresponding private key.
Because shared-key encryption requires the key to be transmitted along with the encrypted information, the encryption is useless once the key has been intercepted.

[9] HTTPS uses a hybrid encryption method

  • Shared-key encryption: fast, but less secure
  • Public-key encryption: slow, but secure
  • HTTPS: the key-exchange phase uses public-key encryption; after that, once communication is established, messages are exchanged using shared-key encryption
  • Public-key exchange phase: the process that lets the server hold a private key
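
The hybrid flow above as an added example (not from the original notes), using only Python's standard library. Assumptions: the RSA key pair is built from two small Mersenne primes without padding, and the shared-key cipher is a SHA-256 keystream XOR; both are constructed stand-ins for the algorithms SSL negotiates, and all names are hypothetical.

```python
import hashlib
import secrets

# Constructed server key pair (stand-in sizes; real keys are 2048 bits or more).
P, Q = 2**89 - 1, 2**107 - 1             # two known Mersenne primes
N, E = P * Q, 65537                      # public key, published to clients
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, never leaves the server

def client_key_exchange(pub_n: int, pub_e: int) -> tuple:
    """Slow public-key step, done once: wrap a fresh shared key for the server."""
    shared_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(shared_key, "big"), pub_e, pub_n)
    return shared_key, wrapped

def server_unwrap(wrapped: int) -> bytes:
    """Only the holder of the private key D can recover the shared key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def shared_key_xor(key: bytes, data: bytes) -> bytes:
    """Fast shared-key step, used for every message: the same call encrypts
    and decrypts (stand-in cipher, one message per key)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def demo() -> tuple:
    request = b"GET /account HTTP/1.1"                   # constructed message
    client_key, wrapped = client_key_exchange(N, E)      # client side
    ciphertext = shared_key_xor(client_key, request)     # what crosses the wire
    server_key = server_unwrap(wrapped)                  # server side
    return request, ciphertext, shared_key_xor(server_key, ciphertext)

if __name__ == "__main__":
    sent, on_wire, received = demo()
    print("on the wire:", on_wire.hex())
    print("server read:", received)
```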

Certificates that prove a public key is genuine

How can we be sure that the public key in use is the one actually published by the intended server?

  • By using a public-key certificate (issued by a digital certificate authority)

EV SSL Certificates

  • Prove that the company operating the server really exists

Client Certificate

  • For example, online banking uses client certificates: in addition to entering a user ID and password, the user is asked for a client certificate to confirm whether they are accessing online banking from a particular terminal

[10] HTTPS complete communication

[Figure: complete HTTPS communication]

[11] Why not always use HTTPS

  • Encrypted communication consumes more memory and CPU
  • It saves the cost of buying a certificate
  • HTTPS is used only when sensitive information is involved
Origin blog.csdn.net/weixin_44478378/article/details/105402460