Analysis of the communication mechanism of HTTPS

What is HTTPS?

HTTPS adds SSL (Secure Sockets Layer) beneath HTTP (Hyper Text Transfer Protocol): the HTTP semantics are unchanged, but the transmission is protected by encryption and authentication. This avoids the problems of plain HTTP, namely plaintext transmission that is easy to eavesdrop on, unverified identities that are easy to impersonate, and unverified message integrity that is easy to tamper with. Besides being widely used for security-sensitive communication on the Internet, it is now also adopted by most ordinary websites.

HTTPS communication mechanism

HTTPS is not as simple as changing http:// to https://; the communication mechanism of HTTPS is more complicated than that of HTTP.

In the first step, the client sends a Client Hello message to the server. The message describes the SSL version supported by the client, as well as the encryption algorithms and key lengths the client supports.

In the second step, the server sends a Server Hello message to the client as a response. The message describes the SSL version, encryption algorithm, and key length that the server and client can both use; these become the encryption parameters for subsequent message transmission.

In the third step, the server sends a Certificate message to the client. The message contains the public key certificate issued by the digital Certificate Authority (CA) and its associated authorities.

In the fourth step, the server sends a Server Hello Done message to the client to notify the client that the SSL handshake negotiation is over.

In the fifth step, when the client receives the message that the SSL handshake is over from the server, the client first verifies the validity and reliability of the certificate, and then sends a Client Key Exchange message to the server. The message contains a random key encrypted with the public key in the certificate.

In the sixth step, the client sends a Change Cipher Spec message to the server. This message tells the server that subsequent communication will be symmetrically encrypted with the random key.

In the seventh step, the client sends a Finished message to the server. This message contains a check value computed over all messages from the start of the connection up to this point. Whether the handshake negotiation succeeds on the server side depends on this check value being verified.

In the eighth step, when the server has correctly decrypted the message and verified the client's check value, it likewise sends a Change Cipher Spec message to the client.

In the ninth step, the server likewise sends a Finished message to the client.

In the tenth step, once the Finished messages have been exchanged between server and client, the SSL connection is established. From this point the communication is protected by SSL, and the client begins sending HTTP requests and the server HTTP responses.
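The handshake described above, as an added example that is not part of the original article: a Go program using only the standard library (crypto/tls, crypto/x509, net/http) that runs a server and a client on the loopback interface. The self-signed certificate, the name demo.example and the handler are constructed for this demo; the certificate stands in for the CA-issued one of step three, and the client's trust store is built from it explicitly. The program shows the negotiated version and cipher suite (the outcome of the Hello exchange), the certificate the server presented, an HTTP request that runs only once the handshake is over (step ten), and what step five looks like for a client that does not trust the issuer: verification fails and the connection is abandoned before any key material or request is sent. Go negotiates TLS 1.2 or 1.3 rather than SSL, and those versions derive the session key with a Diffie-Hellman exchange instead of encrypting a random key with the server's public key, but the stages visible to the client are the ones listed above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

// HandshakeResult is what the client learns once the handshake completes.
type HandshakeResult struct {
	Version      uint16 // protocol version agreed in the Hello exchange
	CipherSuite  uint16 // cipher suite agreed in the Hello exchange
	PeerCN       string // subject CN of the certificate sent in the Certificate message
	Status       string // HTTP status of the response sent after the handshake
	UntrustedErr error  // error seen by a client that does not trust the issuer
}

// selfSignedCert builds an in-memory certificate for 127.0.0.1 under the
// constructed name "demo.example". It stands in for a CA-issued certificate;
// the demo client trusts it explicitly instead of consulting real CAs.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "demo.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// clientWith returns an HTTPS client whose only trusted issuers are in pool.
func clientWith(pool *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
}

// runHandshakeDemo starts an HTTPS server on loopback, completes a handshake from
// a client that trusts the demo certificate, sends one request over the protected
// connection, then shows a client with an empty trust store failing at step five.
func runHandshakeDemo() (HandshakeResult, error) {
	var res HandshakeResult
	cert, err := selfSignedCert()
	if err != nil {
		return res, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return res, err
	}
	srv := &http.Server{
		TLSConfig: &tls.Config{Certificates: []tls.Certificate{cert}},
		Handler:   http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }),
	}
	go srv.ServeTLS(ln, "", "") // certificate comes from TLSConfig, so no files are needed
	defer srv.Close()
	url := "https://" + ln.Addr().String() + "/"

	roots := x509.NewCertPool()
	roots.AddCert(cert.Leaf) // trust store holding only the demo certificate
	resp, err := clientWith(roots).Get(url)
	if err != nil {
		return res, err
	}
	defer resp.Body.Close()
	st := resp.TLS // populated only after Finished was exchanged in both directions
	res.Version, res.CipherSuite = st.Version, st.CipherSuite
	res.PeerCN = st.PeerCertificates[0].Subject.CommonName
	res.Status = resp.Status // step ten: HTTP ran over the established connection
	// Step five with an empty trust store: verification fails and the client aborts.
	_, res.UntrustedErr = clientWith(x509.NewCertPool()).Get(url)
	return res, nil
}

func main() {
	res, err := runHandshakeDemo()
	fmt.Printf("version=0x%04x suite=%s peer=%s status=%q\n",
		res.Version, tls.CipherSuiteName(res.CipherSuite), res.PeerCN, res.Status)
	fmt.Println("untrusted client:", res.UntrustedErr, "err:", err)
}
```

Run it with `go run` on a file containing the block. The trusted client reports the negotiated version and suite together with status 200 OK; the second client never gets that far, and the error it returns is the certificate verification failure from the client's own check of the Certificate message, which is the point at which a forged or untrusted server certificate is detected.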

End

At present, more and more core technologies are being "choked off", and some open source software has previously been banned from use in my country. I have a worry: if CAs are "choked off" or even "requisitioned", then my country's network security will be greatly threatened.

