Android development knowledge learning: HTTPS

Definition

  • HTTP Secure / HTTP over SSL / HTTP over TLS

  • SSL: Secure Sockets Layer -> TLS: Transport Layer Security

  • Definition: A security layer added beneath HTTP so that HTTP traffic is transmitted encrypted

  • Essence: A set of symmetric keys is negotiated between the client and the server using asymmetric encryption. The content is encrypted before each message is sent, and decrypted after receipt to achieve encrypted transmission of the content.

  • Why not just use asymmetric encryption?
    Asymmetric encryption relies on complex mathematics, so its calculations are expensive. If asymmetric
    encryption were used for all communication content, it would seriously degrade the performance of network communication.

HTTPS connection

  1. The client requests to establish a TLS connection
  2. Server sends back certificate
  3. Client validates server certificate
  4. After the client trusts the server, it negotiates the symmetric key with the server
  5. Start communication using symmetric keys

HTTPS connection establishment process

  1. Client Hello: the client sends its request information to establish the connection

  2. Server Hello: the server sends its information back to the client

  3. Server certificate: trust is established

  4. Pre-master Secret: used to calculate the Master Secret, which is used to calculate the keys for symmetric encryption

  5. Client notification: encrypted communication will be used

  6. Client sends: Finished

  7. Server notification: encrypted communication will be used

  8. Server sends: Finished
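
Steps 4, 6 and 8 above as an added example (not code from the original post): how the Pre-master Secret becomes the Master Secret, the symmetric keys, and the Finished value. It assumes the TLS 1.2 PRF from RFC 5246 with SHA-256 and AES-128-GCM key sizes, which the page does not specify; all secret and random values are constructed.

```python
import hashlib
import hmac

# Constructed sample values, not taken from a real handshake.
PRE_MASTER = bytes(range(48))      # 48-byte pre-master secret
CLIENT_RANDOM = b"\x01" * 32       # ClientHello.random
SERVER_RANDOM = b"\x02" * 32       # ServerHello.random

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides compute the same 48-byte master secret from the handshake values."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 key_len: int = 16, iv_len: int = 4) -> dict:
    """Expand the master secret into per-direction symmetric keys.
    Default sizes assume an AES-128-GCM suite (no separate MAC keys)."""
    names = [("client_key", key_len), ("server_key", key_len),
             ("client_iv", iv_len), ("server_iv", iv_len)]
    # Note the reversed order of the randoms for key expansion.
    block = prf(master, b"key expansion", server_random + client_random,
                sum(n for _, n in names))
    keys, pos = {}, 0
    for name, n in names:
        keys[name] = block[pos:pos + n]
        pos += n
    return keys

def finished_verify_data(master: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """12-byte value in Finished; label is b"client finished" or b"server finished"."""
    return prf(master, label, hashlib.sha256(handshake_messages).digest(), 12)

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in session_keys(ms, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, value.hex())
    print("client Finished:", finished_verify_data(ms, b"client finished", b"constructed transcript").hex())
```

Because the Finished value depends on a hash of every handshake message, any tampering with the earlier plaintext messages makes the two sides' values differ and the handshake fails.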

After-school questions

1. [Single-choice question] Why does HTTPS message transmission use symmetric encryption instead of asymmetric encryption?
A. Because symmetric encryption is more secure
B. Because symmetric encryption performs better
C. Because the history of asymmetric encryption is too short and not all servers are compatible with asymmetric encryption

Answer: B
Answer analysis: HTTPS message transmission uses symmetric encryption instead of asymmetric encryption, mainly because the performance of symmetric encryption is better. Although asymmetric encryption is more secure, its encryption and decryption speeds are slower due to its higher algorithm complexity. In contrast, symmetric encryption has a simple algorithm, faster encryption and decryption, and can better meet the real-time requirements of the HTTP protocol for message transmission. Therefore, using symmetric encryption in HTTPS can better ensure the efficiency and security of message transmission.

2. [Single-choice question] What is the role of the certificate during the establishment of HTTPS connection?
A. Let the client be sure that the person communicating with it is indeed the person it thinks it is.
B. Let the client be sure that the website it is visiting is not an illegal website.
C. Let the client be sure that its computer is safe enough and has not been invaded.

Answer: A
Answer analysis: During the establishment process of HTTPS connection, the main function of the certificate is to make the client convinced that the person communicating with it is indeed the person it thinks it is. The certificate is issued by an authoritative third-party organization and contains the server's public key and related information, including the certificate authority (CA), subject, public key, validity period, etc. When the client establishes an HTTPS connection, it will first obtain the server certificate and confirm the identity of the server by verifying the legality and validity of the certificate. Therefore, certificates play a vital role in the establishment process of HTTPS connections to ensure the security and credibility of communications.

3. [Multiple choice question] In the certificate verification step of the HTTPS connection establishment process, what content of the certificate is mainly verified?
A. The legitimacy of the certificate
B. The certificate holder has no recent criminal history
C. The certificate holder has no recent cybercrime history
D. The certificate’s Host ownership is consistent with the client’s expectations

Answer: A, D
Answer analysis: The certificate verification step of the HTTPS connection establishment process mainly verifies the following contents of the certificate:
A. The legality of the certificate: whether the certificate is issued by an authoritative third-party organization and whether it is within the validity period.
D. Consistency between the certificate's Host ownership and the client's expectations: whether the certificate is associated with the website or service the client expects to access.
Options B and C regarding the criminal history and cybercrime history of the certificate holder are not the main content of certificate verification during the establishment of an HTTPS connection.

Origin blog.csdn.net/weixin_74239923/article/details/134117969