How HTTPS works

Source: Internet
Author: User
Tags: decrypt, server, port

HTTPS actually consists of two parts: HTTP + SSL/TLS.

That is, an encryption layer is added on top of HTTP. Information passing between the server and the client goes through TLS, so the transmitted data is encrypted.

1. Client initiates an HTTPS request

There is not much to say here: the user enters an HTTPS URL in the browser, which then connects to port 443 on the server.

2. Server-side configuration

A server that uses the HTTPS protocol must have a digital certificate, which you can either create yourself or apply for from an organization. The difference is that a certificate you issued yourself must be accepted by the client before access can continue, while a certificate obtained from a trusted company does not trigger a warning page (StartSSL is a good choice, with 1 year of free service). This certificate is really a pair of keys, one public and one private. If public and private keys are unfamiliar, picture a key and a lock: you are the only person in the world who holds the key, but you can hand the lock to others. They can use it to lock up something important and send it to you, and because only you have the key, only you can see what was locked up.

3. Transferring the certificate

The certificate is essentially the public key, but it also contains a lot of other information, such as the certificate authority, the expiration time and so on.

4. Client parses the certificate

This work is done by the client's TLS implementation. It first verifies that the public key is valid, checking for example the issuing authority and the expiration time. If a problem is found, a warning box pops up saying that there is a problem with the certificate. If the certificate is fine, the client generates a random value and then encrypts it with the certificate. As described above, this locks the random value with the lock, so the locked content cannot be seen without the key.

5. Transmitting the encrypted information

This step transmits the random value that was encrypted with the certificate. The purpose is to let the server obtain the random value, so that from then on communication between the client and the server can be encrypted and decrypted with it.

6. Server decrypts the information

After decrypting with its private key, the server obtains the random value sent by the client (the shared secret key) and then symmetrically encrypts the content with this value. Symmetric encryption means that the information and the secret key are mixed together by an algorithm, so that the content cannot be recovered unless the secret key is known. Since only the client and the server know the secret key, the data is safe as long as the encryption algorithm is strong enough and the secret key is complex enough.

7. Transferring the encrypted information

This is the information the server encrypted with the secret key; it can be restored on the client.

8. Client decrypts the information

The client uses the secret key it generated earlier to decrypt the information sent by the server and obtains the decrypted content. Throughout the process, a third party can do nothing with the data even if they intercept it.
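
The eight steps above, modeled with Node.js's built-in `crypto` module as an added example (not code from the original page). The certificate is a constructed stand-in object rather than real X.509; `Example Root CA`, the function names, and the choice of RSA-OAEP and AES-256-GCM are assumptions of this example, which models the described flow and is not a TLS implementation.

```javascript
const crypto = require("crypto");

// Step 2: the server's key pair. The "certificate" below is a constructed
// stand-in (public key plus issuer and expiry), not a real X.509 certificate.
const serverKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const TRUSTED_ISSUERS = ["Example Root CA"]; // hypothetical client trust store

// Step 3: what the server sends to the client.
function makeCertificate(issuer, notAfter) {
  return { issuer, notAfter, publicKey: serverKeys.publicKey };
}

// Step 4: the client checks issuer and expiry, then generates a random value
// and "locks" it with the public key from the certificate (RSA-OAEP).
function clientKeyExchange(cert, now = new Date()) {
  if (!TRUSTED_ISSUERS.includes(cert.issuer)) throw new Error("untrusted issuer");
  if (now > cert.notAfter) throw new Error("certificate expired");
  const secret = crypto.randomBytes(32);
  return { secret, encryptedSecret: crypto.publicEncrypt(cert.publicKey, secret) };
}

// Step 6: only the holder of the private key can recover the random value.
function serverRecoverSecret(encryptedSecret) {
  return crypto.privateDecrypt(serverKeys.privateKey, encryptedSecret);
}

// Step 7: symmetric encryption (AES-256-GCM) keyed by the shared random value.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const data = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, data, tag: cipher.getAuthTag() };
}

// Step 8: decryption fails (throws) if the key is wrong or the data was altered.
function unseal(key, { iv, data, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(data), decipher.final()]).toString("utf8");
}

// Runs the exchange end to end and returns what the client finally reads.
function runHandshake(cert, message) {
  const { secret, encryptedSecret } = clientKeyExchange(cert); // steps 4-5
  const serverSecret = serverRecoverSecret(encryptedSecret);   // step 6
  return unseal(secret, seal(serverSecret, message));          // steps 7-8
}
```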
