Speaking http and https, you do not know what they have is not the same, first of all let's take a simple look at
http stands for Hypertext Transfer Protocol Vertion (Hypertext Transfer Protocol),
said the popular point is the protocol information with network link transmission text we now look at the types of pages that this stuff. Each time you open the page appears why "http: // In fact, the reason is very simple, because you have to get hypertext information on the network, then you certainly have to follow the norms of its hypertext transfer, just as you are" Heaven and Earth "member you and other "heaven and earth," a member of the first to say, "when the earthquake Gao joint with one of the Western Hills ages show! "And" door towards the sea, triple river flow years, "such Jietouanhao to meet friends and communicate After you say.
So every time the page appears to open the" http: // "just as the above stated Jietouanhao, when the signal to get the correct information.
HTTPS stands for Secure Hypertext Transfer Protocol (Hypertext Transfer Protocol) ,
it is the addition of SSL encryption protocol used to transmit information on the basis of the agreement http. We still use the example in terms of the world will joints, you might think that every time the world will joints are using the "earthquake Gao Gang, with one of the Western Hills ages show!
" Kind of Jietouanhao including women and children, such an organization, what safety at all? Only
to say that it is possible to obtain a signal related to the secret of Heaven and Earth. In fact not the case,
if only the information confidential, the world will probably have long since been a siege of bowls, how can so many legends including women and children by a Jietouanhao it?
In addition to the exchange between them using the Jietouanhao, but may still be used "black," and that some of the world with only the members in order to understand the jargon, so even if the conversation between heaven and earth members information was leaked out, no Secret stuff, who would not know what those words are black? Also HTTPS protocol like information conversation above the world will be like, it will also need to hypertext protocol transport themselves through SSL encryption, so that the plaintext into a "black words" even if the information transmitted is captured man, captured people have no way of knowing its actual content.
> 1.HTTPS monitor what port
No special requirements, it is recommended to use 443 port.
> What's 2.HTTPS certificate format support
HTTPS support pem format certificate, the certificate if it is in another format, please refer to the conversion certificate format.
> What is the difference between a server certificate 3.HTTPS mutual authentication of certificates and CA is
Server certificates: whether the user's browser to check server certificate is sent from the center they trust issued by the server certificate can go to Ali and so shield Certificate Services buy, you can also go to other service providers to purchase. Server certificate needs to be uploaded to the certificate management system for load balancing.
CA certificate: sending the server requires the user browser client certificate, the client certificate is received by the server to verify the CA certificate, if not verified, reject the connection. After opening two-way authentication, CA and server certificates need to be uploaded to the load balancing certificate management systems.
> 4. How to configure HTTPS certificate
HTTPS reference configuration and one-way authentication configuration HTTPS mutual authentication.
5. Why HTTPS protocol traffic generated will be more than the actual flow of some bills
If you use the HTTPS protocol, it will use some traffic for protocol handshake, so the actual flow will be generated more traffic than some of the bill.
6.HTTPS ticket remain
Holding time set to 300 seconds.
A session ticket is an encrypted data BLOB, that contains the need to reuse the TLS connection information, such as session key, etc., it is generally used ticket key encryption, as ticket key server also knows, the server sends a session ticket to the initial handshake client, the client local storage, when reusing a session, the client sends a session ticket to the server, the server decrypts the session and reuse.
7.HTTPS monitor upload DH PARAMETERS
Before ECDHE algorithm cluster support line slb seven https to use security technology, it does not support user will DHE cluster security algorithms needed to enhance file upload parameters, namely pem certificate file containing the string BEGIN DH PARAMETERS field of upload.
8.HTTPS monitor supports SNI
SNI (Server Name Indication) to solve a server using multiple domain names and certificates SSL / TLS extension, currently SLB https listener does not support SNI function, if strong demand, please use the user and TCP listening on the back-end ECS implement SNI function.
9.HTTP transfer protocol HTTPS protocol access function
SLB monitor open additional protocol HTTP header field is recommended to create http monitor when.
After opening the back-end ECS can get to http X-Forwarded-Proto header field, according to this value if http to https protocol to access the access domain name is returned in response to.
10.HTTPS page in the browser address bar prompts insecurity
Are there references to HTTPS HTTP link to access a page of links, if there will be prompted for this cause unsafe.
The above is a http and https analysis of common problems, we organize small series issued by SSL shield, www.ssldun.com [more]