HTTPS (HTTP over SSL/TLS) is a protocol that solves the security problem of the transport layer. It is built on public-key cryptography and provides three things: authentication of the server's identity, confidentiality of the transmitted data, and verification of data integrity.
SSL/TLS inserts a handshake phase before the first HTTP request is sent, so a connection looks like: SSL/TLS handshake -> encrypted HTTP request -> encrypted HTTP reply.
During the handshake the client (the browser) authenticates the identity of the server. This is done with a certificate, which a certificate authority (CA) issues for a domain name; think of it as the identity document of the web site. The client must check two things: that the certificate belongs to the target site (the host name in the certificate matches the one the client is connecting to) and that the certificate itself is valid (signed by a CA the client trusts, within its validity period, not revoked). Finally, still during the handshake, the two sides negotiate a session key that is used for encryption and decryption.
After the handshake, the server and the client encrypt and decrypt all exchanged data with the negotiated session key. For HTTP this means every request and every reply is encrypted before it is put on the network.
Because SSL/TLS authenticates the server, a DNS hijack that steers the client to the wrong server is caught during certificate validation: the attacker's server cannot present a certificate for the target domain that chains to a trusted CA, so the client sees a host-name mismatch or an untrusted issuer and terminates the connection. The hijack therefore does not succeed (the protection holds only as long as the client actually validates the certificate and the user does not click through the warning).
1. Client initiates the request
The browser connects to the server's HTTPS port and opens the handshake, telling the server which protocol versions and cipher suites it supports.
2. Server configuration: the digital certificate
An HTTPS server needs a digital certificate. You can generate one yourself or obtain one from a CA. The difference is that a self-issued certificate is not trusted by browsers and triggers a warning page before the client will continue, while a certificate from a trusted CA produces no warning. The certificate is bound to a key pair: a public key and a private key. Think of them as a padlock and its key. Only you hold the key, but you can hand out copies of the lock to anyone. Other people use the lock to seal something important and send it to you; since only you have the key, only you can open it.
3. Server sends the certificate
The certificate is essentially the server's public key together with metadata: the issuing authority, the subject domain name, the validity period, and the CA's signature over all of these fields.
4. Client parses the certificate
This is done by the client's TLS implementation. It first verifies that the certificate is valid: that it was issued by a trusted authority, that the signature checks out, that the domain name matches the site being visited, and that it has not expired. If any check fails, the browser shows a warning that there is a problem with the certificate. If the certificate passes, the client generates a random value and encrypts it with the public key from the certificate. In the analogy, the random value is sealed with the lock, so nobody without the key can read it.
5. Client sends the encrypted random value
This message carries the random value encrypted under the certificate's public key. From here on, the server and the client can encrypt and decrypt their communication using a session key derived from this random value.
6. Server decrypts the message
The server decrypts the message with its private key and recovers the random value the client sent. Both sides now use that value as the symmetric session key. Symmetric encryption means the data and the key are mixed together by an algorithm in such a way that the content cannot be recovered without the key; only the client and the server know this key, so as long as the cipher is strong and the key is random and long enough, the data is safe. Note that this shared session key is distinct from the server's private key: the private key is used only to decrypt the random value, never to encrypt application data.
7. Server sends encrypted information
This is content the server encrypted with the session key, which the client can decrypt.
8. Client decrypts the information
The client uses the session key it generated earlier to decrypt the data from the server and obtains the plaintext. A third party that eavesdrops on the traffic sees only ciphertext and can do nothing with it. This walkthrough describes the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 no longer encrypts a client-chosen secret under the certificate's public key but agrees the session key with an ephemeral Diffie-Hellman exchange, so a later compromise of the server's private key does not expose previously recorded sessions (forward secrecy).
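The eight steps above, and the DNS-hijack argument, as an added runnable example that is not the article's own code. It is a toy model: textbook RSA with two fixed small primes and no padding, an HMAC-based stream cipher standing in for AES, a constructed trust store containing one made-up CA ("Toy Root CA"), and constructed domain names ("www.example.com", "attacker.example") and sample request. It shows the message flow, the client-side certificate checks of step 4 (issuer, signature, host name, expiry), the derivation of one shared session key on both sides, and why a hijack to a server holding a valid certificate for some other domain, or a self-signed certificate for the target domain, is rejected.

```python
"""Toy model of the handshake in steps 1 to 8 (added illustration, not the article's code).
Textbook RSA with ~40-bit moduli and no padding, plus an HMAC stream cipher standing in for
AES: it shows the message flow and the client-side checks, not production cryptography."""
import hashlib
import hmac
import secrets
import time

# --- toy RSA: key pair from two fixed primes (insecure, illustration only) ---
def rsa_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)                                   # (public key, private key)

def rsa_apply(key, m):
    """Encrypt/verify with the public key, decrypt/sign with the private key."""
    n, exp = key
    return pow(m, exp, n)

def digest_int(parts, n):
    """SHA-256 over the certificate fields, reduced into the RSA group (toy signature input)."""
    h = hashlib.sha256("|".join(map(str, parts)).encode()).digest()
    return int.from_bytes(h, "big") % n

# --- certificate = (domain, server public key, expiry, issuer name, CA signature) ---
def issue_cert(ca_name, ca_priv, domain, server_pub, not_after):
    body = (domain, server_pub, not_after, ca_name)
    return body + (rsa_apply(ca_priv, digest_int(body, ca_priv[0])),)

def verify_cert(cert, trusted_cas, target_domain, now):
    """The step-4 checks: trusted issuer, valid signature, matching host name, not expired."""
    domain, _server_pub, not_after, issuer, sig = cert
    ca_pub = trusted_cas.get(issuer)
    if ca_pub is None:
        return "unknown issuer"                             # e.g. a self-signed certificate
    if rsa_apply(ca_pub, sig) != digest_int(cert[:4], ca_pub[0]):
        return "bad signature"
    if domain != target_domain:
        return "hostname mismatch"                          # what a DNS hijack to another site hits
    if now > not_after:
        return "expired"
    return "ok"

# --- session key and a constructed record cipher (stand-in for TLS record protection) ---
def derive_key(premaster, client_random, server_random):
    return hashlib.sha256(str(premaster).encode() + client_random + server_random).digest()

def keystream(key, seq, length):
    blocks = (hmac.new(key, seq.to_bytes(8, "big") + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt_record(key, seq, plaintext):
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, seq, len(plaintext))))
    return ct + hmac.new(key, seq.to_bytes(8, "big") + ct, "sha256").digest()   # ciphertext || tag

def decrypt_record(key, seq, record):
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, seq.to_bytes(8, "big") + ct, "sha256").digest()):
        raise ValueError("record integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, seq, len(ct))))

def handshake(trusted_cas, target_domain, server_cert, server_priv, now):
    """Steps 1-6: returns the (client_key, server_key) each side derives, or raises."""
    client_random = secrets.token_bytes(32)                 # 1. client hello
    server_random = secrets.token_bytes(32)                 # 2./3. server hello + certificate
    status = verify_cert(server_cert, trusted_cas, target_domain, now)   # 4. client checks
    if status != "ok":
        raise ValueError("certificate rejected: " + status)
    server_pub = server_cert[1]
    premaster = secrets.randbelow(server_pub[0])            # 4. client's random value
    encrypted = rsa_apply(server_pub, premaster)            # 5. sent under the cert's public key
    recovered = rsa_apply(server_priv, encrypted)           # 6. server decrypts with its private key
    return (derive_key(premaster, client_random, server_random),
            derive_key(recovered, client_random, server_random))

def run_demo():
    now = int(time.time())
    ca_pub, ca_priv = rsa_keypair(999983, 1000003)          # toy root CA in the client's trust store
    srv_pub, srv_priv = rsa_keypair(999979, 1000033)        # www.example.com's key pair
    atk_pub, atk_priv = rsa_keypair(999961, 1000037)        # attacker's key pair
    trusted = {"Toy Root CA": ca_pub}
    good = issue_cert("Toy Root CA", ca_priv, "www.example.com", srv_pub, now + 365 * 86400)
    hijack = issue_cert("Toy Root CA", ca_priv, "attacker.example", atk_pub, now + 365 * 86400)
    selfsigned = issue_cert("Attacker CA", atk_priv, "www.example.com", atk_pub, now + 365 * 86400)
    client_key, server_key = handshake(trusted, "www.example.com", good, srv_priv, now)
    request = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"   # constructed sample request
    record = encrypt_record(client_key, 0, request)        # 7./8. symmetric record exchange
    return {
        "keys_match": client_key == server_key,
        "server_reads": decrypt_record(server_key, 0, record),
        "dns_hijack_to_attacker_site": verify_cert(hijack, trusted, "www.example.com", now),
        "self_signed_impostor": verify_cert(selfsigned, trusted, "www.example.com", now),
        "after_expiry": verify_cert(good, trusted, "www.example.com", now + 400 * 86400),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Two design points carry over to real TLS. First, the host-name check is separate from the signature check: the hijack certificate in the demo is perfectly valid, it is just not for the site the client asked for, which is exactly why DNS hijacking alone does not defeat HTTPS. Second, the record layer authenticates every ciphertext before decrypting it (the tampered-record path raises), which is the integrity property the opening paragraph lists alongside confidentiality.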
HTTPS vs. HTTP