HTTPS can be said to be a very high frequency of interview questions
If you don't know this thing, it may be cool, because https is used a lot now
If known, he is secure, and TLS, still barely
If you are familiar with his encryption, handshake, and signature principles, the interviewer will definitely give you a high look
learn from
https://www.jianshu.com/p/6c981b44293d
HTTP is in plain text. If you get the body of the post, you will see the data directly. It is not encrypted. This is plain text.
There are 3 problems with HTTP:
1. Plaintext
2. Both parties may forge
3. Data has been tampered with
So an encryption layer is added between the TCP and HTTP layers
SSL/TLS
Gradually optimized from SSL to now TLS
How are they encrypted?
1. How to ensure encryption security?
Suppose that both the server and the client have a shared key that only they know. You can think of this as an encryption algorithm, and the server has different encryption algorithms for different clients. This encryption method is also called symmetric encryption.
2. How to pass the shared key and ensure that the pass is also secure?
A public key is required, which is asymmetric encryption. Therefore, when sending the shared key, encrypt the shared key with the public key, which is safe.
3. Why is the public key safe?
The server will send the public key to the digital certificate authority to digitally sign the public key. Then the public key + signature form a digital certificate.
The server will then send the digital certificate to the client. After the client gets the digital certificate, it will authenticate the signature on the digital certificate through the public key issued by the third-party security certification authority. (There are two types of digital certificates, which are used to identify the public key of the client and the server respectively)
TLS handshake wave process
The specific meaning of each action will not be said, even if it is written, I can't remember it. It would be nice to be able to write down the general meaning of each step and all the steps. Answering like this is already acceptable to the interviewer, who thinks that you will not be too bad, and your independent learning ability will not be too weak.