Https communication principle

Source: Internet
Author: User

1. What is Https?

Https is Http carried over a secure channel; its security rests on the SSL layer. Originally developed by Netscape, it provides identity authentication and encrypted communication for both parties, and it is widely used for secure and sensitive communication on the Internet.

2. The main difference between Https and Http

Https inserts an SSL layer beneath Http, and the communication method differs: Https requires a handshake (identity authentication) between client and server before data communication begins, and once the connection is established the transmitted data is encrypted; the communication port is 443. Http transmits data unencrypted, in plain text, and its communication port is 80.

3. The basic SSL protocol

SSL sits between the TCP/IP protocol and the various application-layer protocols. It is divided into two layers:

SSL Record Protocol: built on the reliable transport-layer protocol (TCP), it provides basic functions such as data encapsulation, compression, and encryption for the upper-layer protocols.

SSL Handshake Protocol: built on the SSL Record Protocol, it is used for identity authentication, negotiation of the encryption algorithm, and exchange of the encryption key before actual data transmission.

4. SSL protocol communication process

(1) The browser sends a connection request to the server. The server returns its certificate (including the server's public key S_PuKey), the type of symmetric encryption algorithm, and other related information to the client.

(2) The client browser checks whether the CA certificate sent by the server was issued by a trusted CA center. If yes, it performs step (4); otherwise it gives the user a warning asking whether to continue the access.

(3) The client browser compares the information in the certificate, such as the certificate validity period, server domain name, and public key S_PK, with the information returned by the server. If they are consistent, the browser authenticates the server.

(4) The server requires the client to send the client certificate (including the client's public key C_PuKey), the supported symmetric encryption schemes, and other related information. After receiving the message, the server performs the same identity authentication. If the authentication fails, the connection is rejected.

(5) Based on the cipher types sent by the client browser, the server selects the scheme with the highest degree of encryption, encrypts it with the client's public key C_PuKey, and notifies the browser.

(6) After the client decrypts the message with its private key C_PrKey, it learns the encryption scheme selected by the server, selects a session key, encrypts it with the server's public key S_PuKey, and sends it to the server.

(7) The server receives the message, decrypts it with its private key S_PrKey, and obtains the session key.

(8) Subsequent data transmission uses this symmetric key for encryption.

The above describes the communication process of two-way SSL authentication, in which both the server and the user must hold a certificate. It can be seen that the SSL protocol uses an asymmetric key mechanism to authenticate the two parties and establish the connection, while the actual data communication uses a symmetric key mechanism to protect the data.

Author: wangjian_tempus
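The checks that steps (2) and (3) describe, namely trusting only certificates issued by a known CA and then comparing the validity period and server domain name against what the client expects, are the part of the handshake that most often gets silently disabled in client code. The following is an added example (not code from the original article) written against Python's standard-library ssl module: a client context that refuses unauthenticated servers and a stand-alone function that applies the step (3) checks to a certificate in the dict shape returned by SSLSocket.getpeercert(). The sample certificate dict and timestamps are constructed for illustration.

```python
import ssl
import time
from typing import List, Optional


def hardened_client_context() -> ssl.SSLContext:
    """Client context that performs step (2) for us.

    create_default_context() loads the OS trust store, sets
    CERT_REQUIRED and enables hostname checking; we restate those and
    additionally refuse anything below TLS 1.2 so the legacy SSL
    versions the article describes are never negotiated.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name match: exact, or a single leading '*' label
    that covers exactly one label ('*.example.com' matches
    'www.example.com' but not 'example.com' or 'a.b.example.com')."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]            # ".example.com"
    if not hostname.endswith(suffix):
        return False
    left = hostname[: -len(suffix)]  # the part the '*' must cover
    return bool(left) and "." not in left


def validate_peer_cert(cert: dict, hostname: str,
                       now: Optional[float] = None) -> List[str]:
    """Step (3): return a list of problems (empty list == acceptable).

    Checks the validity window and that the requested hostname appears
    among the certificate's subjectAltName DNS entries. Chain-of-trust
    verification (step 2) is the SSLContext's job, not this function's.
    """
    now = time.time() if now is None else now
    problems: List[str] = []
    # getpeercert() renders times as e.g. 'Jan 01 00:00:00 2024 GMT';
    # cert_time_to_seconds() interprets them as UTC.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("certificate not yet valid")
    if now > not_after:
        problems.append("certificate expired")
    dns_names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        problems.append("no DNS subjectAltName entries")
    elif not any(_dns_name_matches(p, hostname) for p in dns_names):
        problems.append(f"hostname {hostname!r} not covered by {dns_names}")
    return problems


# Constructed sample certificate (hypothetical values, not a real cert).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}

# Constructed "current time": 2025-01-01T00:00:00Z, inside the window.
SAMPLE_NOW = 1735689600.0


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("verify_mode:", ctx.verify_mode.name, "check_hostname:", ctx.check_hostname)
    for host in ("www.example.com", "api.example.com", "example.com"):
        print(host, "->", validate_peer_cert(SAMPLE_CERT, host, SAMPLE_NOW) or "OK")
```

In a real client the context does the heavy lifting: wrap the socket with ctx.wrap_socket(sock, server_hostname=host) and the chain, validity and hostname checks all run before any application data is sent. The explicit validate_peer_cert() is useful when auditing a certificate obtained out of band (for example from a log or a pinning store) with the same rules the handshake applies.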
