HTTPS connection establishment

HTTPS handshake process

Client Hello

sequenceDiagram
Client->>Server: Client Hello

The client sends a Client Hello message to the server. It contains the TLS versions the client supports, the cipher suites it supports, and a random number generated by the client.

Server Hello

sequenceDiagram
Client->>Server: Client Hello
Server-->>Client: Server Hello

After receiving the Client Hello, the server returns a Server Hello message to the client. It contains the TLS version and cipher suite selected for this session, and a random number generated by the server.

Server certificate

sequenceDiagram
Client->>Server: Client Hello
Server-->>Client: Server Hello
Server-->>Client: Server certificate

The server then sends its own certificate to the client. A certificate generally contains the following fields:

1. Certificate Format Version

Specifies the X.509 version of the certificate format; used for directory queries.

2. Certificate Serial Number

The unique serial number assigned by the issuer, which identifies this certificate among all certificates issued by the CA; used for directory queries.

3. Signature Algorithm Identifier

Identifies the signature algorithm used to sign this certificate (for example SHA-1 and RSA).

4. Issuer

The Distinguished Name (DN) of the CA that issued this certificate; used for authentication.

5. Validity Period

The start date (notBefore) and end date (notAfter) of the certificate; used to check whether the certificate is currently valid.

6. Subject

The X.500 Distinguished Name (DN) of the certificate holder; used for authentication.

7. Subject Public Key Information

The public key information of the subject, consisting of:

(1) Algorithm Identifier: identifies the algorithm the public key belongs to.

(2) Subject Public Key: the subject's public key itself, used for encryption/decryption and digital signatures.

8. Issuer Unique ID

An optional unique identifier for the issuer; rarely used.

9. Subject Unique ID

An optional unique identifier for the subject (the certificate holder); rarely used.

10. Extensions

Certificate extensions (extension fields) that carry additional information.

Verifying the certificate

Verification covers two things: 1. the legitimacy of the public key, and 2. the subject information in the certificate. The public key is checked through the certificate chain. Checking the subject information prevents an interceptor from obtaining a certificate of its own from a CA and handing that certificate to the client. In other words, while verifying the public key, the client also verifies that the party presenting the public key is the server the client intends to reach.

sequenceDiagram
Client->>Server: Client Hello
Server-->>Client: Server Hello
Server-->>Client: Server certificate
Client->>Server: Premaster Secret

Once the certificate has been verified, the client uses the client random and server random from the earlier messages to generate a Premaster Secret and sends it to the server. At this point both the server and the client hold the same client random, server random and Premaster Secret. The client and server then use a Pseudo-Random Function (PRF) to generate a Master Secret, and the Master Secret is used on both sides to derive four values: the client encryption key, the server encryption key, the client MAC Secret and the server MAC Secret.

Client encryption key: encrypts messages sent by the client.
Server encryption key: encrypts messages sent by the server.
Client MAC Secret: the secret used when computing the hash (MAC) over messages sent by the client.
Server MAC Secret: the secret used when computing the hash (MAC) over messages sent by the server.

Why do the client and server each have their own encryption key and MAC Secret? This prevents an interceptor from sending a message the client transmitted straight back to the client unchanged: if both directions shared one set of keys, the client would accept that message as a reply from the server.

Origin juejin.im/post/6971672994867314725