0 reply content: All HTTP data is not encrypted. To be precise, HTTPS is not a protocol, but a combination of HTTP and SSL technologies.
SSL is a Secure Socket Layer, which sometimes becomes a Transport Layer Security (TLS). It is an extended Layer between the Transport Layer and the application Layer, the application layer data can be transparently encrypted and then sent out through the transport layer. Therefore, HTTP packets transmitted over SSL are used,
From HTTP Headers to subject is encrypted. HTTP is the application layer protocol. HTTP is the application layer protocol.
Check again
The principle of using the underlying protocols from the application layer is to add the corresponding header information to each layer. The principle of using the underlying protocols from the application layer is to add the corresponding header information to each layer.
Below is the application layer protocol HTTP
The following is a TCP packet, and the data section is filled with HTTP content. The following is a TCP packet, and the data section is filled with HTTP content.
Then, answer the subject's question. The HTTP protocol is encrypted to the data portion of the TCP packet. Therefore, not only the Payload portion of the post data over the TCP layer is encrypted. First of all, we can clearly tell you that accessing the HTTPS site, no matter whether the data in the get request or the post request is
Encryption. For more information about $ _ GET and $ _ POST functions in php, see. Isn't the value submitted to the php file? Why can't I see the php Suffix in the address bar? -The answer in the answer to the weapon King Lishi sauce is used as a small packet capture experiment, and then the keyword string is searched.
As for some respondents, the domain name is not encrypted. This is intercepted by capturing common DNS data packets. It has nothing to do with the SSL/TLS protocol. If you use dnscrypt, you can avoid directly leaking the accessed domain name, but the IP address is public. Technically, there is no way to indirectly obtain the accessed domain name. The client is encrypted first and then transmitted. SSL is not the same as TLS, but they are very similar. TLS is the successor of SSL.
SSL is a binary protocol and HTTP is a protocol. If the address starts with HTTPS, the client first uses HTTP to Connect Port 80 of the target server (this process is not encrypted ). In this process, the version number of both parties is exchanged, and the password that both parties know is selected to verify the identity of both parties and generate a temporary session key. Then, the client uses the corresponding parameters to communicate with the server, and the encryption starts from here. Http does not provide encryption. the encrypted data you see during packet capture is encrypted at the Session Layer (ssl) under http)
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.