SSL (Secure Socket Layer)

Source: Internet
Author: User

Developed by Netscape to secure data transmission over the Internet, SSL uses encryption to ensure that data travelling across the network is not intercepted or eavesdropped on while in transit. At present the general specification uses 40-bit keys; the US has released a 128-bit standard for higher security, but its export is restricted. Only Internet Explorer or Netscape browsers later than version 3.0 support SSL.
The current version is 3.0. It has been widely used for identity authentication and encrypted data transmission between web browsers and servers.
The SSL protocol sits between the TCP/IP protocol and the various application layer protocols and provides security support for data communication. It is divided into two layers. The SSL Record Protocol is built on a reliable transport protocol (such as TCP) and provides data encapsulation, compression, encryption and other basic functions to higher-level protocols. The SSL Handshake Protocol is built on the SSL Record Protocol and is used, before the actual data transmission starts, for identity authentication, negotiation of encryption algorithms and exchange of encryption keys.
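A minimal model of the record-layer encapsulation just described, added here as an example and not code from the original page. The 5-byte record header (content type, 2-byte protocol version, 2-byte length) follows the SSL 3.0/TLS layout; everything else is simplified: the MAC is HMAC-SHA256 rather than the original SSL 3.0 MAC construction, the "cipher" is a constructed SHA-256 counter-mode keystream standing in for a real stream cipher, and compression is omitted. The keys and the HTTP request are constructed sample values. The point it shows is why the MAC covers the sequence number and header: a modified or replayed record is rejected before any plaintext reaches the application layer.

```python
import hashlib
import hmac
import struct

# Real SSL 3.0 record-header values; the cipher below is NOT one SSL uses.
CONTENT_APPLICATION_DATA = 23
VERSION_SSL3 = b"\x03\x00"
MAX_FRAGMENT = 2 ** 14          # SSL/TLS records carry at most 2^14 bytes of plaintext
TAG_LEN = 32                    # HMAC-SHA256 output


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Constructed stand-in for a stream cipher: SHA-256 in counter mode, keyed
    by the record sequence number so each record gets a distinct keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QQ", seq, counter)).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def _mac(mac_key: bytes, seq: int, content_type: int, plaintext: bytes) -> bytes:
    # The MAC binds sequence number, content type, version and length, so a
    # replayed, reordered or retyped record fails verification on the receiver.
    mac_input = (struct.pack(">Q", seq) + bytes([content_type]) + VERSION_SSL3
                 + struct.pack(">H", len(plaintext)) + plaintext)
    return hmac.new(mac_key, mac_input, hashlib.sha256).digest()


def seal_record(mac_key: bytes, enc_key: bytes, seq: int, plaintext: bytes,
                content_type: int = CONTENT_APPLICATION_DATA) -> bytes:
    """Encapsulate one fragment: MAC, then encrypt (SSL 3.0 order), then prepend the header."""
    if len(plaintext) > MAX_FRAGMENT:
        raise ValueError("fragment too large")
    body = plaintext + _mac(mac_key, seq, content_type, plaintext)
    ciphertext = _xor(body, _keystream(enc_key, seq, len(body)))
    header = bytes([content_type]) + VERSION_SSL3 + struct.pack(">H", len(ciphertext))
    return header + ciphertext


def open_record(mac_key: bytes, enc_key: bytes, seq: int, record: bytes):
    """Parse the header, decrypt, verify the MAC. Returns (content_type, plaintext)
    or raises ValueError; nothing is handed up until the MAC checks out."""
    if len(record) < 5:
        raise ValueError("truncated header")
    content_type, version = record[0], record[1:3]
    length = struct.unpack(">H", record[3:5])[0]
    if version != VERSION_SSL3:
        raise ValueError("unexpected protocol version")
    ciphertext = record[5:5 + length]
    if len(ciphertext) != length or length < TAG_LEN:
        raise ValueError("truncated body")
    body = _xor(ciphertext, _keystream(enc_key, seq, len(ciphertext)))
    plaintext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, seq, content_type, plaintext)):
        raise ValueError("bad record MAC")
    return content_type, plaintext


def demo():
    """Constructed keys and request; returns (opened record, tamper rejected, replay rejected)."""
    mac_key, enc_key = b"constructed-mac-key", b"constructed-enc-key"
    rec = seal_record(mac_key, enc_key, 0, b"GET /account HTTP/1.1\r\n")
    ok = open_record(mac_key, enc_key, 0, rec)
    # Flip one bit inside the encrypted body: the stream cipher passes the change
    # straight through to the plaintext, and only the MAC catches it.
    tampered = rec[:7] + bytes([rec[7] ^ 0x01]) + rec[8:]
    try:
        open_record(mac_key, enc_key, 0, tampered)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    # Replaying the same bytes at a later sequence number also fails the MAC.
    try:
        open_record(mac_key, enc_key, 1, rec)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return ok, tamper_rejected, replay_rejected


if __name__ == "__main__":
    print(demo())
```

Real SSL 3.0 and TLS implementations differ in the MAC algorithm, padding and cipher details, but the shape is the same: the receiver parses a fixed header, decrypts, and verifies integrity before delivering anything to HTTP.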

SSL provides the following services:
1) authenticate users and servers to ensure that data is sent to the correct client and server;
2) encrypt data to prevent data theft;
3) maintain data integrity and ensure that data is not changed during transmission.

SSL protocol workflow:
Server Authentication phase: 1) The client sends a "hello" message to the server to start a new session. 2) Based on the client's information, the server determines whether a new master key (CMK) needs to be generated; if so, its response to the client's "hello" includes the information required to generate the CMK. 3) The client generates a CMK from the server's response, encrypts it with the server's public key and sends it to the server. 4) The server recovers the CMK and returns CMK authentication information with which the client authenticates the server.
User Authentication: Before this point the server has been authenticated by the client; this phase completes authentication of the client. The authenticated server sends a challenge to the client, and the client returns the challenge signed with its digital signature, together with its public key, so that the server can authenticate the client.
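The two phases above, as an added example that is not part of the original page: both sides of the exchange are simulated in one process so the message flow can be followed end to end. The RSA keys are toy keys built from fixed small primes (labelled as such in the code), the CMK is protected with textbook RSA with no padding, and the "CMK authentication information" is modelled as an HMAC over the handshake transcript keyed with the derived session key; all of these are simplifications of what SSL 3.0 actually does. The negative cases matter most: a server that does not hold the private key matching the public key it presented cannot recover the CMK and so cannot produce valid authentication information, and a client that signs the challenge with the wrong key fails verification.

```python
import hashlib
import hmac
import secrets


def toy_rsa_keypair(p, q, e=65537):
    """Toy RSA on fixed small primes so the example runs offline; real SSL/TLS
    keys are thousands of bits. Returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Constructed keys: the first primes above 10**6, chosen purely for illustration.
SERVER_PUB, SERVER_PRIV = toy_rsa_keypair(1000003, 1000033)
CLIENT_PUB, CLIENT_PRIV = toy_rsa_keypair(1000037, 1000039)


def session_key(master_key: int, client_random: bytes, server_random: bytes) -> bytes:
    """Both ends derive the session key from the CMK and the two hello randoms."""
    return hashlib.sha256(master_key.to_bytes(8, "big") + client_random + server_random).digest()


def server_authentication(server_priv=SERVER_PRIV) -> bool:
    """Steps 1-4 of the server authentication phase. Returns True when the client
    accepts the server's CMK authentication information."""
    transcript = []
    # 1) client -> server: "hello" carrying a fresh random value
    client_random = secrets.token_bytes(16)
    transcript.append(b"client_hello" + client_random)
    # 2) server -> client: its own random value plus the public key the client
    #    needs to protect the new CMK (in real SSL this is a certificate)
    server_random = secrets.token_bytes(16)
    n, e = SERVER_PUB
    transcript.append(b"server_hello" + server_random + n.to_bytes(8, "big"))
    # 3) client generates the CMK and encrypts it under the server's public key
    cmk = secrets.randbits(32)              # toy size so that cmk < n
    encrypted_cmk = pow(cmk, e, n)          # textbook RSA, no padding (toy)
    transcript.append(b"client_key_exchange" + encrypted_cmk.to_bytes(8, "big"))
    # 4) server recovers the CMK with its private key and answers with a MAC over
    #    the transcript under the session key: the CMK authentication information
    n_priv, d = server_priv
    recovered_cmk = pow(encrypted_cmk, d, n_priv)
    server_key = session_key(recovered_cmk, client_random, server_random)
    cmk_auth_info = hmac.new(server_key, b"server_finished" + b"".join(transcript),
                             hashlib.sha256).digest()
    # Client side: only a server holding the matching private key derives the
    # same session key, so a matching MAC authenticates the server.
    client_key = session_key(cmk, client_random, server_random)
    expected = hmac.new(client_key, b"server_finished" + b"".join(transcript),
                        hashlib.sha256).digest()
    return hmac.compare_digest(cmk_auth_info, expected)


def client_authentication(client_priv=CLIENT_PRIV, client_pub=CLIENT_PUB) -> bool:
    """User authentication phase: server challenge, client signature, server check."""
    challenge = secrets.token_bytes(16)     # server -> client
    # Hash truncated to 32 bits only so it fits under the toy modulus.
    h = int.from_bytes(hashlib.sha256(challenge).digest()[:4], "big")
    n, d = client_priv
    signature = pow(h, d, n)                # client -> server, with its public key
    n_pub, e = client_pub
    return pow(signature, e, n_pub) == h % n_pub   # server verifies


if __name__ == "__main__":
    print("server authenticated:", server_authentication())
    print("client authenticated:", client_authentication())
```

One caveat the toy glosses over: in step 4 of the user authentication phase the client hands over a bare public key, so the server learns only that the signer holds the private half of that key, not who the signer is. That is why real SSL sends a certificate issued by a trusted authority instead of a raw key, and why the page's remark that SSL 3.0 relies on digital certificates matters in practice.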
From the services provided by the SSL protocol and its workflow, we can see that the basis for running the SSL protocol is the merchant's commitment to the confidentiality of consumer information, which is favourable to the merchant and unfavourable to the consumer. In the early days of e-commerce, most enterprises operating e-commerce were large companies with high reputations, so this problem was not fully exposed. With the development of e-commerce, however, small and medium enterprises also became involved, and the problem of single (one-sided) authentication in the electronic payment process became more and more prominent. Although SSL 3.0 uses digital signatures and digital certificates to verify the identity of both the browser and the web server, the SSL protocol still has problems; for example, it can only provide mutual authentication between the client and the server in a transaction. In electronic transactions involving multiple parties, it cannot coordinate secure transmission and trust relationships among all the parties. For this reason, the two credit card organizations Visa and MasterCard developed the SET protocol to provide a global standard for online credit card payment.

HTTPS introduction
HTTPS (Secure Hypertext Transfer Protocol)
Developed by Netscape and built into its browser, it compresses and decompresses data and returns the results sent back over the network. HTTPS actually uses Netscape's Secure Socket Layer (SSL) as a sublayer of the HTTP application layer. (HTTPS uses port 443 rather than port 80, which HTTP uses, to communicate with TCP/IP.) SSL uses a 40-bit key with the RC4 stream encryption algorithm, which is suitable for encrypting business information. HTTPS and SSL support X.509 digital certificates; if necessary, the identity of the sender can be confirmed.
HTTPS is an HTTP channel designed for security. Simply put, it is a secure version of HTTP: an SSL layer is added beneath HTTP. The security foundation of HTTPS is SSL, so for details about the encryption see SSL.
It is a URI scheme whose syntax is similar to that of the http: scheme, used for secure HTTP data transmission. An https: URL indicates that HTTP is used, but over a default port different from HTTP's and through an encryption/authentication layer (between HTTP and TCP). The system was initially developed by Netscape; it provides authentication and encrypted communication and is now widely used for secure and sensitive communications on the World Wide Web, such as transaction payments.
Restrictions
Its security protection relies on the correct implementation of browsers, on the support of server software, and on the actual encryption algorithms used.
A common misunderstanding is that a bank customer who uses https: online is fully protected against theft of their bank card number. In fact, the encrypted connection with the server protects the card number only on the connection between the user and the server itself. The server itself cannot be absolutely secure, and this has been exploited by attackers. A common example is a phishing attack that imitates a bank's domain name. Rarer attacks occur while the website is transmitting customer data, where attackers attempt to intercept the data in transit.
Commercial websites are expected to pass new transactions to the financial gateway as quickly as possible, retaining only the transaction number. However, they often store bank card numbers in the same database. In rare cases, the database and server may be attacked and compromised by unauthorized users.
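Two of the points above, that https: URLs default to port 443 while http: defaults to 80, and that the protection "relies on the correct implementation of browsers", are easy to see in client code. The following is an added example, not code from the original page, using only Python's standard library: a URL-to-endpoint helper, a client TLS context configured the way a careful client should be (certificate verification on, hostname checking on, a TLS 1.2 floor), and the misconfigured context that silently gives up the authentication HTTPS is supposed to provide. The function names and the `bank.example` hostname in the usage are assumptions for the example. Hostname checking ties the server's certificate to the host the user actually asked for; as the page notes, it does nothing for a user who was led to a look-alike domain in the first place.

```python
import ssl
from urllib.parse import urlsplit

# Default ports stated on the page: HTTP on 80, HTTPS on 443.
DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint_from_url(url: str):
    """Return (scheme, host, port) for an http: or https: URL, applying the
    scheme's default port when the URL does not name one."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def hardened_client_context() -> ssl.SSLContext:
    """Client context that actually authenticates the server: the certificate
    must chain to a trusted CA and must match the requested hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSL 3.0 / early TLS
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The common misconfiguration: encryption still happens, but any certificate
    is accepted, so the client has no idea who is on the other end."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """Checklist a client (or a code review) can apply to any SSLContext."""
    return (ctx.check_hostname
            and ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    # Assumed hostname; no connection is made here.
    print(endpoint_from_url("https://bank.example/login"))      # ('https', 'bank.example', 443)
    print(context_is_hardened(hardened_client_context()))      # True
    print(context_is_hardened(weak_client_context()))          # False
```

Passing `hardened_client_context()` to `ssl.SSLContext.wrap_socket(sock, server_hostname=host)` or to an HTTP client's `context` parameter is what turns "data is encrypted" into "data is encrypted to the server named in the URL"; the weak context encrypts just as well but authenticates nothing.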
