HTTPS establishment process


Order of thinking

When learning a technology, what should you always ask first? HTTPS is no exception: why does HTTPS exist, what are its advantages, what are its disadvantages, and why do some websites use HTTP while others use HTTPS? If you cannot answer these questions well, read on.

Problems with HTTP communication

  • Easy to eavesdrop on
    • HTTP communication is entirely plaintext, so the data can be intercepted at any point between the client and the server. For example, if you send your bank card number and password, an attacker who intercepts the traffic can read the card number and password, which is very dangerous.
  • Easy to disguise (impersonate)
    • HTTP gives no guarantee that either party is who it claims to be; the party you are talking to may be an impostor. For example, if you request www.taobao.com, how do you know that the returned data really comes from Taobao? A man in the middle could return data while posing as Taobao.
  • Easy to tamper with
    • An attacker can modify the data in transit, and the recipient has no way to know that it was changed.

Shared-key encryption and public-key encryption

The following content depends on these two concepts, so here is a brief introduction to shared-key encryption and public-key encryption.

  • Shared-key encryption
    • The same key is used for encryption and decryption, so it is also called symmetric-key encryption.
  • Public-key encryption
    • The encryption algorithm is public and only the key is kept secret. Public-key encryption uses a pair of keys: a private key and a public key. The public key is public and anyone (the client) can obtain it; the client encrypts data with the public key and the server decrypts it with the private key.
  • Similarities and differences
    • Shared-key encryption is faster than public-key encryption, but public-key encryption is better suited to use over the Internet.

Problems solved by HTTPS

HTTPS solves the three shortcomings of HTTP (eavesdropping, tampering and disguise). HTTPS is not a new protocol; it is HTTP combined with SSL (TLS). SSL is an independent protocol, so other protocols such as SMTP can also be combined with SSL. HTTPS changes the layering of the communication from HTTP -> TCP to HTTP -> SSL -> TCP, and it uses shared-key encryption together with public-key encryption.

  • Anti-eavesdropping
    • The data is encrypted, so an eavesdropper only obtains ciphertext that it cannot read.
  • Anti-disguise
    • Disguise can happen on the client side or on the server side. The communicating parties carry certificates, which act like an ID card: a party with a certificate is considered legitimate and one without is not. Certificates are issued by a third party and are difficult to forge.
  • Tamper-proof
    • HTTPS computes a digest of the data, so any tampering is detected. Even if an attacker modifies the data in transit, it is useless to them.

HTTPS connection process

Communication process with server-side authentication

  • The client sends a request to the server
  • The server returns its certificate and public key; the public key is part of the certificate
  • The client verifies the validity of the certificate and public key; if they are valid, it generates a shared key, encrypts it with the public key and sends it to the server
  • The server decrypts the data with its private key, then uses the received shared key to encrypt its data and sends it to the client
  • The client decrypts the data with the shared key
  • SSL encrypted communication is established...
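The steps above, as an added example in Go that is not part of the original post or of the book it summarizes: the "certificate" is reduced to the page's own model (a server public key plus a CA signature over it) rather than a full X.509 certificate, and the algorithms (RSA-PSS for the CA signature, RSA-OAEP to transport the shared key, AES-GCM for the data and its integrity "digest") are my choices, since the page names none. The CA, server and impostor keys are generated inline; the same block also answers the follow-up question below about how the client can trust the public key it receives.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// Certificate is the page's simplified model: the server's public key plus the CA's signature over it.
type Certificate struct{ PubDER, CASig []byte }

// GenKey makes an RSA key pair (used here for the CA, the server, and an impostor).
func GenKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// Issue: the trusted third party signs SHA-256 of the server's DER-encoded public key.
func Issue(ca *rsa.PrivateKey, server *rsa.PublicKey) Certificate {
	der, _ := x509.MarshalPKIXPublicKey(server)
	h := sha256.Sum256(der)
	sig, _ := rsa.SignPSS(rand.Reader, ca, crypto.SHA256, h[:], nil)
	return Certificate{der, sig}
}

// Verify: the client trusts the embedded public key only after the CA signature checks out (this defeats a server disguise).
func Verify(caPub *rsa.PublicKey, c Certificate) (*rsa.PublicKey, error) {
	h := sha256.Sum256(c.PubDER)
	if err := rsa.VerifyPSS(caPub, crypto.SHA256, h[:], c.CASig, nil); err != nil {
		return nil, err // key signed by someone other than the trusted CA: reject it
	}
	pub, _ := x509.ParsePKIXPublicKey(c.PubDER) // these bytes are covered by the signature, so they parse
	return pub.(*rsa.PublicKey), nil
}

// WrapKey: the client generates a 256-bit shared key and encrypts it with the verified public key; UnwrapKey: only the server's private key can recover it.
func WrapKey(pub *rsa.PublicKey) (key, wrapped []byte) {
	key = make([]byte, 32)
	rand.Read(key)
	wrapped, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped
}

func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Session: both sides then use AES-GCM under the shared key; its authentication tag is the "digest" that makes any modification of the ciphertext fail on Open.
func Session(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
```

A certificate issued by a key the client does not trust fails Verify, and a single flipped ciphertext byte fails Session(key).Open, which is exactly the disguise and tampering protection the list above describes.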

Communication process with client authentication

  • The client-authentication process is basically the same as the server-authentication process, except that the first two steps are missing. In this case the certificate is stored on the client. There are few application scenarios; it is generally used only in finance. For example, Alipay and bank clients require a certificate to be installed.

Follow-up questions

  • How is the validity of the public key ensured?
    • You may wonder how the client can be sure that the public key it receives is genuine and not forged. The certificate does this job well: it is issued by an authoritative third-party organization, which signs the public key.
  • Disadvantages of HTTPS
    • HTTPS guarantees the security of the communication, but encryption and decryption consume CPU resources on the server. However, dedicated hardware for HTTPS encryption and decryption exists.
  • All the major Internet companies (Baidu, Taobao, Alipay, Zhihu) use HTTPS. Why?
    • Alipay involves finance, so it uses HTTPS for security; that is easy to understand. Why do Baidu and Zhihu use it as well? To prevent hijacking by the network operators! During HTTP communication, operators inject advertisements into the data; users see them and blame the Internet companies, when in fact these bad things are done by the operators (China Mobile, China Unicom and China Telecom). With HTTPS, operators can no longer tamper with the data to insert ads.

The above content comes from my own understanding of the HTTPS communication section of the book "Illustrated HTTP", plus my understanding of answers from experts on Zhihu, summarized here.

Original article: blog.csdn.net/weixin_45022086/article/details/108855167