How HTTPS works

Refer to "Graphical http"

Shell Net http://www.guokr.com/post/114121/

How HTTPS works

Added a layer: HTTPS process: Application layer Http->ssl/tls->tcp->ip

Why not always use HTTPS?

Encrypted transmissions consume a lot of CPU and memory resources compared to plain text transfers, and HTTPS is about 2-100 times slower than HTTP. Its slow manifestation at two points: 1. Slow communication 2. Slow processing

HTTPS requires a handshake between the client (browser) and the server (Web site) before transmitting the data,

In the handshake process will establish the two sides encrypted transmission of data password information. Asymmetric encryption , symmetric encryption , and hash algorithms are used in Tls/ssl. A brief description of the handshake process is as follows:

1. Browser sendSelf-supporting set ofEncryption RulesTo givewebsite。
2.websiteChoose a set of encryption algorithm and hash algorithm,Send your identity information as a certificateTo giveBrowser。 The certificate contains information such as the website address, the encrypted public key, and the issuing authority of the certificate.
3.BrowserAfter obtaining the website certificate to do the following work:
Averifying the legality of a certificate(The certificate Authority is legal, the certificate contains the address of the website is consistent with the address being accessed, etc.), if the certificate is trusted, the browser bar will display a small lock, otherwise the certificate is not trusted to prompt.
b) If the certificate is trusted, or if the user accepts a certificate that is not trusted,the browser generates a string of random numbers of passwords, and using the certificate provided in the Public Key cryptography。
c) Use the agreedHash calculation Handshake message, and usegenerates a random number to encrypt a message, and finally all the information that was generated beforeSend to website。
4.websiteAfter receiving the data from the browser, do the following:
A) Use your ownprivate KeyThe informationdecryptionRemove the password, use the password to decrypt the handshake message from the browser, andVerify Hashis consistent with the browser's sending.
b) UsePassword Encrypt a handshake message，SendTo giveBrowser。
5.the browser decrypts and computes the hash of the handshake message, if the service-sideHash Consistent, at this timeend of handshake process，after all the communication dataWill be generated by the previous browserRandom Passwordand using symmetric encryption algorithm for encryption。
Here the browser and the Web site to send encrypted handshake message and verify, the purpose is to ensure that both sides have obtained a consistent password, and can be normal encryption and decryption of data, for the subsequent transmission of real data to do a test. In addition, HTTPS generally uses the encryption and hashing algorithm as follows:
Asymmetric Encryption algorithm: RSA,DSA/DSS
Symmetric encryption algorithm: Aes,rc4,3des
Hash algorithm: md5,sha1,sha256

which

The asymmetric encryption algorithm is used to encrypt the generated password during the handshake.

symmetric encryption algorithms are used to encrypt the data that is actually transmitted ,

The hash algorithm is used to verify the integrity of the data .

Because the password generated by the browser is the key to the entire data encryption, the asymmetric encryption algorithm is used to encrypt it at the time of transmission.

Asymmetric encryption algorithms generate public and private keys, the public key can only be used to encrypt data , so can be transferred at will, and the Web site's private key is used to decrypt the data , so the site will be very careful to keep their private keys to prevent leakage.

If there are any errors during the TLS handshake, the encrypted connection will be disconnected, thereby preventing the transfer of private information.

How HTTPS works