[Turn] HTTPS connection establishment

Others 2019-12-04 23:08:25 views: null

Original link: https://www.cnblogs.com/shiqi17/p/9756880.html

https://www.jianshu.com/p/bd75ab32ae57

Click the HTTP process to establish a connection: HTTP three-way handshake, an HTTP request is what happened

A, HTTPS

 
HTTP is the Hypertext Transfer Protocol. HTTP protocol to transmit data is unencrypted, clear text that is, so using HTTP protocol to transmit private information very unsafe. To ensure the privacy of data transmission can be encrypted, so designed Netscape SSL (Secure Sockets Layer) protocol for data transmitted over HTTP are encrypted, and thus was born HTTPS. SSL current version is 3.0, the IETF (Internet Engineering Task Force) is defined in RFC 6101, followed by IETF for SSL 3.0 has been upgraded, so there TLS (Transport Layer Security) 1.0, defined in RFC 2246. In fact we are now the HTTPS protocol TLS is used, but due to time SSL appear relatively early, and still is now supported browser, SSL HTTPS is still synonymous, but whether it is TLS or SSL is the last century thing, the last version of SSL 3.0, TLS will inherit the future SSL encryption services to continue excellent pedigree for us. TLS version 1.2 is currently defined in RFC 5246, the not yet widely used

  • HTTPS encryption over HTTP using SSL / TLS. They are based on TCP / IP
     
HTTPS connection establishment process

HTTPS For both safety and efficiency, while using a symmetric encryption and asymmetric encryption. In the transmission process involves three key:

  • Server public and private keys, asymmetric encryption is used for

  • Client-generated random key used for symmetric encryption

 
image
FIG above, HTTPS connection procedure can be divided into eight steps:
  • 1, client access HTTPS connection.

客户端会把安全协议版本号、客户端支持的加密算法列表、随机数C发给服务端。

  • 2、服务端发送证书给客户端

服务端接收密钥算法配件后,会和自己支持的加密算法列表进行比对,如果不符合,则断开连接。否则,服务端会在该算法列表中,选择一种对称算法(如AES)、一种公钥算法(如具有特定秘钥长度的RSA)和一种MAC算法发给客户端。

服务器端有一个密钥对,即公钥和私钥,是用来进行非对称加密使用的,服务器端保存着私钥,不能将其泄露,公钥可以发送给任何人。

在发送加密算法的同时还会把数字证书和随机数S发送给客户端

  • 3、客户端验证server证书

会对server公钥进行检查,验证其合法性,如果发现发现公钥有问题,那么HTTPS传输就无法继续。

  • 4、客户端组装会话秘钥

如果公钥合格,那么客户端会用服务器公钥来生成一个前主秘钥(Pre-Master Secret,PMS),并通过该前主秘钥和随机数C、S来组装成会话秘钥

  • 5、客户端将前主秘钥加密发送给服务端

是通过服务端的公钥来对前主秘钥进行非对称加密,发送给服务端

  • 6、服务端通过私钥解密得到前主秘钥

服务端接收到加密信息后,用私钥解密得到主秘钥。

  • 7、服务端组装会话秘钥

服务端通过前主秘钥和随机数C、S来组装会话秘钥。

至此,服务端和客户端都已经知道了用于此次会话的主秘钥。

  • 8、数据传输

客户端收到服务器发送来的密文,用客户端密钥对其进行对称解密,得到服务器发送的数据。

同理,服务端收到客户端发送来的密文,用服务端密钥对其进行对称解密,得到客户端发送的数据。

Guess you like

Origin www.cnblogs.com/Koaler/p/11986269.html
Recommended
Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?
Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running
Ranking
8个无需编写代码即可使用 Python 内置库的方法
Java collections interview knowledge Lite
Machine learning algorithms foundation - Introduction a (watermelon materials for the book)
(Easy) Ransom Note - LeetCode
[Five days] Qt from entry to actual combat: the second day
Remember once extremely pit father can not download Maven Jar package of issues: IDEA question
The minimum cost Shortest
OSPF study map (the most complete version)
Network Takeaways
GnuPG
Daily
More
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

Code World

© 2018 codetd.com