HTTPS and SSL learning notes (1)

Source: Internet
Author: User


1. What is HTTPS?

Before talking about HTTPS, we must first talk about HTTP. We usually browse web pages over the HTTP protocol, and the data HTTP carries is transmitted in plain text. Sensitive information sent this way is not secure and can easily be stolen. To address this need, Netscape designed the SSL protocol to encrypt the data transmitted over HTTP, and HTTPS was born. The last SSL version is 3.0. Later, the IETF upgraded SSL 3.0, and the result was TLS. In fact, what the HTTPS protocol uses today is TLS, but SSL is still supported by browsers.

2. How HTTPS works

HTTPS requires a handshake between the client and the server before any data is transmitted. In this process the two sides determine the password (key material) that the data transmission will use. The handshake mainly relies on asymmetric encryption algorithms, symmetric encryption algorithms, and HASH algorithms.

The handshaking process is described as follows:

(1) The client (browser) sends the set of encryption algorithms it supports to the server;

(2) The server selects an encryption algorithm and a HASH algorithm and sends its identity information to the browser in the form of a certificate. The certificate contains the domain name, the certificate authority, and the public key used for encryption.

(3) After obtaining the certificate, the browser does the following:

(A) Verify the validity of the certificate: whether the issuing certificate authority is trusted, and whether the domain name in the certificate matches the domain name being accessed. If the certificate is trusted, a lock icon appears next to the website address; otherwise a message indicating that the certificate is untrusted is displayed.

(B) If the browser deems the certificate trusted, or the user accepts an untrusted certificate, the browser generates a random number (the password) and encrypts it with the public key returned in step (2);

(C) Compute the HASH of the handshake messages with the agreed HASH algorithm, encrypt it with the random number generated above, and finally send all of the generated information to the server together.

(4) After receiving the information, the server does the following:

(A) Use its own private key to decrypt the information and recover the password. Then use the password to decrypt the handshake information and check whether the HASH is consistent.

(B) Use the password to encrypt a handshake message and send it to the browser.

(5) The browser decrypts the message and computes the HASH of the handshake message. If it is consistent with the HASH sent by the server, the handshake is complete. From then on, communication between the browser and the server is encrypted with the random password generated by the browser.

Why these steps?

The main purpose is to confirm that both parties have obtained the same password and can successfully encrypt and decrypt with it; this also serves as a test run for the subsequent data transmission.
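Steps (1) to (5) above, and the roles of the three algorithm types described in section 3, played out end to end as an added example that is not part of the original notes. A textbook-RSA key pair built from constructed small primes stands in for the certificate's public key, a SHA-256 keystream XOR stands in for the symmetric cipher, and SHA-256 is the HASH; these stand-ins are assumptions for illustration only and are not safe for real traffic.

```python
"""Toy walk-through of handshake steps (1) to (5) above, stdlib only.
The RSA parameters are constructed small primes and the symmetric cipher is a
SHA-256 keystream XOR: both are stand-ins for illustration, not for real use."""
import hashlib
import hmac
import secrets

# Server key pair for step (2). 999983 and 1000003 are the primes nearest 10**6.
P, Q, E = 999983, 1000003, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the server
SERVER_PUBLIC_KEY = (N, E)             # what the certificate hands to the browser

def rsa_encrypt(m: int, pub: tuple) -> int:
    n, e = pub
    return pow(m, e, n)

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with a SHA-256 keystream (encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def handshake(client_hello: bytes, tamper: bool = False) -> dict:
    """Runs both sides and reports whether they finished with the same password."""
    transcript = client_hello + b"|ServerHello|Certificate"          # steps (1), (2)
    # Step (3B): browser picks the random password, encrypts it with the public key.
    password = secrets.randbelow(N)
    encrypted_pw = rsa_encrypt(password, SERVER_PUBLIC_KEY)
    client_key = hashlib.sha256(str(password).encode()).digest()
    # Step (3C): HASH of the handshake so far, encrypted under the password.
    client_finished = sym_crypt(client_key, hashlib.sha256(transcript).digest())
    if tamper:                      # what the server sees no longer matches
        transcript += b"|altered"
    # Step (4A): server recovers the password with its private key, checks the HASH.
    server_key = hashlib.sha256(str(rsa_decrypt(encrypted_pw)).encode()).digest()
    expected = hashlib.sha256(transcript).digest()
    if not hmac.compare_digest(sym_crypt(server_key, client_finished), expected):
        return {"ok": False, "reason": "client HASH mismatch, handshake aborted"}
    # Step (4B): server encrypts its own handshake HASH; step (5): browser checks it.
    server_hash = hashlib.sha256(transcript + b"|ServerFinished").digest()
    server_finished = sym_crypt(server_key, server_hash)
    ok = hmac.compare_digest(sym_crypt(client_key, server_finished), server_hash)
    return {"ok": ok, "same_key": client_key == server_key}
```

The `tamper` flag models a handshake transcript that no longer matches on the server side, so the HASH check in step (4A) fails and the handshake is aborted instead of producing a key.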

3. Asymmetric encryption algorithms, symmetric encryption algorithms, and HASH algorithms

The asymmetric encryption algorithm is used to encrypt the random password generated by the browser; this algorithm is chosen because the password is the key to all HTTPS data transmission. An asymmetric algorithm generates a public key and a private key. The public key is used to encrypt data and can therefore be distributed freely. The private key is used to decrypt data; it is kept by the server and must not be leaked.

Symmetric encryption algorithms are used to encrypt the actually transmitted data.

The HASH algorithm is used to verify data integrity.

Content reference http://www.guokr.com/post/114121/
