HTTPS requires a handshake between the client (browser) and the server (Web site) before transmitting the data, which establishes the password information for both parties to encrypt the transmitted data during the handshake. TLS/SSL protocol is not only a set of encrypted transmission protocols, but also an artist-designed artwork, TLS/SSL using asymmetric encryption, symmetric encryption and digest algorithm. A brief description of the handshake process is as follows:
1. The browser sends a set of encryption rules that it supports to the Web site.
2. The website selects a set of cryptographic algorithms and digest algorithms, and sends its own identity information back to the browser in the form of a certificate. The certificate contains information such as the website address, the encrypted public key, and the issuing authority of the certificate.
3. after obtaining the website certificate, the browser will do the following tasks:
A) Verify the legality of the certificate (the issuing authority is legal, the certificate contains the address of the website is consistent with the address being accessed, etc.), if the certificate is trusted, the browser bar will display a small lock, otherwise the certificate is not trusted to prompt.
b) If the certificate is trusted, or if the user accepts an untrusted certificate, the browser generates a random number of passwords and encrypts them with the public key provided in the certificate.
c) computes the handshake message using the agreed-upon digest, encrypts the message using the generated random number, and finally sends all previously generated information to the Web site.
4. after the Web site receives the data from the browser, do the following:
A) Use your own private key to decrypt the information to remove the password, decrypt the handshake message from the browser with a password, and verify that the digest is consistent with the browser.
b) Encrypt a handshake message with a password and send it to the browser.
5. The browser decrypts and computes a digest of the handshake message, and if it is consistent with the digest from the server, at which point the handshake process is complete, then all communication data will be encrypted by the random password generated by the previous browser and by the symmetric encryption algorithm.
Here the browser sends an encrypted handshake message to the website and verifies , the purpose is to ensure that both parties have access to a consistent password, and can encrypt and decrypt the data in a normal, for the subsequent transmission of real data to do a test. In addition, HTTPS generally uses the encryption and digest algorithm as follows:
Asymmetric encryption algorithm: RSA,DSA/DSS
Symmetric encryption algorithm: Aes,rc4,3des
summary algorithm: MD5 , sha1,sha256
The asymmetric encryption algorithm is used to encrypt the generated password during the handshake, and the symmetric encryption algorithm is used to encrypt the data that is actually transmitted, and the digest algorithm is used to verify the integrity of the data. Because the password generated by the browser is the key to the entire data encryption, the asymmetric encryption algorithm is used to encrypt it at the time of transmission. Asymmetric encryption algorithms generate public and private keys, the public key can only be used to encrypt data, so can be transferred at will, and the Web site's private key is used to decrypt the data, so the site will be very careful to keep their private keys to prevent leakage.
If there are any errors during the TLS handshake, the encrypted connection will be disconnected, thereby preventing the transfer of private information. It is because HTTPS is very safe, attackers can not find the place to start, so more is the use of fake certificates to deceive the client, so as to obtain clear text information, but these methods can be identified.
How HTTPS works