Illustrated HTTP, Chapter 7: Securing the Web with HTTPS

7.1 HTTP's shortcomings

  • Communication is in plaintext, so the content may be eavesdropped on
  • The identity of the communicating party is not verified, so impersonation is possible
  • Message integrity cannot be proven, so the content may have been tampered with

 

7.2 HTTP + encryption + authentication + integrity protection = HTTPS

7.2.2 HTTPS is HTTP wrapped in an SSL shell

7.2.3 Public-key encryption for exchanging keys

1. What is shared-key encryption (symmetric-key encryption)?

Because encryption and decryption use the same key, how can the key be handed safely to the other party? Sending the key risks eavesdropping, but if it is not sent, the other party cannot decrypt.

 

2. Public-key encryption uses two keys

Public-key encryption uses a pair of asymmetric keys. One is called the private key, the other the public key. The sender encrypts with the other party's public key; the other party, on receiving the encrypted information, decrypts it with its own private key. This way, the private key used for decryption never has to be transmitted.

 

3. HTTPS uses a hybrid encryption mechanism

Hybrid encryption uses both shared-key encryption and public-key encryption, because public-key encryption is slower to process than shared-key encryption.

Public-key encryption is used for the key-exchange step; once communication is established, the message-exchange phase uses shared-key encryption.

7.2.5 HTTPS secure communication mechanism

HTTPS communication steps

  • The client starts SSL communication by sending a Client Hello message. The message contains the SSL version the client supports and a list of cipher suites (the encryption algorithms and key lengths used).
  • If the server can carry out SSL communication, it responds with a Server Hello message. As with the client, the message contains the SSL version and the cipher suite.
  • The server then sends a Certificate message. The message contains the public-key certificate.
  • Finally, the server sends a Server Hello Done message to tell the client that the initial phase of the SSL handshake negotiation is over.
  • After the first part of the SSL handshake ends, the client responds with a Client Key Exchange message.
  • The client then sends a Change Cipher Spec message.
  • The client sends a Finished message. Whether the handshake succeeds is judged by whether the server can correctly decrypt this message.
  • The server likewise sends a Change Cipher Spec message.
  • The server likewise sends a Finished message.
  • Once the server and client have exchanged Finished messages, the SSL connection is established.
  • Application-layer protocol communication takes place.
  • Finally, the client closes the connection.
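
The first step above says the Client Hello carries the supported SSL version and the list of cipher suites. As an added example (not from the original post or the book), this parser extracts those two fields from a constructed Client Hello record. The function name, the small name table and the sample bytes are assumptions of this example, and it assumes the whole Client Hello sits in a single record.

```python
import struct

# Subset of IANA cipher suite code points, enough for the sample below.
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_client_hello(record: bytes) -> dict:
    """Return the version and cipher suites offered in one Client Hello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a complete Client Hello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake body")
    try:
        (version,) = struct.unpack("!H", hello[:2])
        pos = 2 + 32                   # skip client_version and the 32-byte random
        pos += 1 + hello[pos]          # skip session_id (1-byte length prefix)
        (suites_len,) = struct.unpack("!H", hello[pos:pos + 2])
    except (struct.error, IndexError):
        raise ValueError("truncated Client Hello fields") from None
    raw = hello[pos + 2:pos + 2 + suites_len]
    if len(raw) != suites_len or suites_len % 2:
        raise ValueError("bad cipher suite list length")
    codes = struct.unpack("!%dH" % (suites_len // 2), raw)
    return {
        "version": VERSIONS.get(version, hex(version)),
        "cipher_suites": [SUITE_NAMES.get(c, hex(c)) for c in codes],
    }


# Constructed sample: TLS 1.2 Client Hello, three suites, no extensions.
_suites = struct.pack("!3H", 0xC02F, 0x002F, 0x0005)
_hello = (b"\x03\x03" + bytes(32) + b"\x00"
          + struct.pack("!H", len(_suites)) + _suites + b"\x01\x00")
_hs = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
SAMPLE_RECORD = b"\x16\x03\x01" + struct.pack("!H", len(_hs)) + _hs

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE_RECORD))
```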

What problems does HTTPS have? How many times slower is HTTPS than HTTP? What are the two kinds of SSL slowness?

 


Origin blog.csdn.net/qq_40511966/article/details/104076098