HTTPS handshake process

Source: Internet
Author: User

HTTPS is HTTP layered over the SSL/TLS protocol. It relies on a certificate to verify the identity of the server and to encrypt the communication between the browser and the server. The steps below, collectively called the handshake, describe how the two sides verify each other and agree on how to encrypt and decrypt.

1. Client initiates HTTPS request

2. Configuration of the server side

A server that uses HTTPS must have a digital certificate, either self-issued or issued by a CA. The difference is that a self-issued certificate requires the client to confirm before access continues, while a CA-issued certificate does not trigger that prompt page. The certificate corresponds to a key pair: the public key is handed to others for encryption, and the private key is used for decryption.

3. Transferring certificates

What is transmitted is actually the public key, wrapped in a certificate that carries additional information such as the issuing certificate authority and the expiration time.

4. Client parses the certificate

This work is done by the client's TLS implementation. It first checks that the certificate is valid: who issued it, whether it has expired, and so on. If anything is wrong, a warning box pops up to indicate a problem with the certificate. If the certificate is fine, the client generates a random value and encrypts that random value with the certificate's public key.

5. Transmitting encrypted information

This part transmits the random value encrypted with the certificate's public key. The purpose is to get this random value to the server, so that subsequent communication between the client and the server can be encrypted and decrypted with it.

6. Server decrypts the information

The server decrypts with its private key and obtains the random value sent by the client; from here on that value serves as the shared secret key, and the content is encrypted symmetrically with it. Symmetric encryption means that the information and the secret key are mixed together by an algorithm, so that the content cannot be recovered unless the key is known. Only the client and the server know the key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is secure.

7. Transfer of encrypted information

This is information that the server has encrypted with the shared secret key; the client can restore it.

8. Client Decryption Information

The client uses the previously generated secret key to decrypt the information sent by the server and obtains the decrypted content.

PS: Throughout the handshake, a third party who intercepts the data can do nothing with it.
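As an added illustration that is not part of the original article, here are steps 2 through 8 written out in Go using only the standard library: the server's key pair, the client encrypting its random value to the public key, the server recovering it with the private key, and both sides then using the value as a symmetric session key. The function names are my own, and real TLS derives its session keys through a key schedule rather than using the random value directly as shown here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Step 2: the server's key pair; the certificate of step 3 carries the public half.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Steps 4-5: the client draws a random value and encrypts it to the server's public
// key (RSA-OAEP). An eavesdropper on the wire sees only the ciphertext.
func ClientKeyExchange(pub *rsa.PublicKey) (secret, encrypted []byte, err error) {
	secret = make([]byte, 32) // becomes the 256-bit symmetric key
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	encrypted, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return secret, encrypted, err
}
// Step 6: only the holder of the private key can recover the random value.
func ServerRecoverSecret(priv *rsa.PrivateKey, encrypted []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, encrypted, nil)
}
// Steps 6-8: both sides key AES-256-GCM with the shared value. GCM also authenticates,
// so a message altered in transit fails to open instead of decrypting to garbage.
func NewSession(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
func Seal(sess cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, sess.NonceSize()) // fresh per message, never reused with a key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return sess.Seal(nonce, nonce, plaintext, nil), nil // nonce || ciphertext || tag
}

func Open(sess cipher.AEAD, sealed []byte) ([]byte, error) {
	if ns := sess.NonceSize(); len(sealed) >= ns {
		return sess.Open(nil, sealed[:ns], sealed[ns:], nil)
	}
	return nil, errors.New("message too short")
}
```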

Summary

Why is HTTPS safe?

In the fourth step of the HTTPS handshake, if the site's certificate is not trusted, a confirmation screen appears asking the user to confirm the authenticity of the site. In addition, the sixth and eighth steps encrypt and decrypt with the client-generated secret key, which ensures the security of the data transmission.
