First, Http
Hypertext Transfer Protocol, Hypertext Transfer Protocol, is one of the most widely used protocols on the Internet, and all WWW files must follow the standard. The HTTP protocol transmits data that is unencrypted, which is plaintext, so it is not safe to use the HTTP protocol to transmit privacy information.
Use TCP port as: B, Https
Hyper Text Transfer Protocol over secure Socket Layer, Secure Hypertext Transfer Protocol, Netscape formula designed SSL (secure Sockets Layer) protocol for Encrypting data transmitted by HTTP protocol. ensure security during session.
Use TCP port defaults to 443 three, SSL protocol encryption method
SSL protocol used symmetric encryption is also used in asymmetric encryption (public key cryptography), in the establishment of the transmission link, SSL first of the symmetric encryption key using the public key for asymmetric encryption, the link is established, SSL to the transmission of the content using symmetric encryption.
Symmetric encryption
High speed, large encryption content, used to encrypt messages during session
Public Key Cryptography
Slow encryption, but can provide a better identity authentication technology, used to encrypt symmetric encryption key four, one-way authentication
HTTPS requires a handshake before establishing a socket connection, as follows:
The client sends the SSL protocol version number, the encryption algorithm type, the random number and so on to the service side. The server returns the SSL protocol version number, the encryption algorithm type, the random number and so on to the client, and also returns the servers side certificate, namely the public key certificate
The client uses the information returned by the server to authenticate the legality of the servers, including whether the certificate has expired hairstyles whether the CA of the server certificate is reliable returns the public key that returns the domain name on the digital signature server certificate in the certificate that matches the actual domain name of the server
After verification is passed, the communication will continue, otherwise, the end of the communication client to the server to send their own support for the symmetric encryption scheme, for servers to select the server side in the client-provided encryption scheme to choose the most encrypted encryption method. The server will select a good encryption scheme to return to the client client in plaintext after receiving the encryption method returned by the service side, use this encryption method to generate a random code, used as a symmetric encryption key in the communication process, using the public key returned by the server to encrypt the encrypted random code sent to the servers After the server receives the encrypted information returned by the client, decrypts it with its own private key to obtain a symmetric encryption key.
In the next session, the server and client will use the password for symmetric encryption to ensure the security of the information in the communication process. Five, two-way certification
Two-way authentication and one-way authentication principle is basically similar, just in addition to the client needs authentication service side, increased the server to the client authentication, the specific process is as follows:
The client sends the SSL protocol version number, the encryption algorithm type, the random number and so on to the service side. The server returns the SSL protocol version number, the encryption algorithm type, the random number and so on to the client, and also returns the servers side certificate, namely the public key certificate
The client uses the information returned by the server to authenticate the legality of the servers, including whether the certificate has expired hairstyles whether the CA of the server certificate is reliable returns the public key that returns the domain name on the digital signature server certificate in the certificate that matches the actual domain name of the server
After validation is passed, communication continues, otherwise, the termination of the communication server requires the client to send the client's certificate, the client will send its own certificate to the server to verify the client's certificate, through verification, will obtain the client's public key client to the service side to send their own supported symmetric encryption scheme for the servers to choose The server side in the client-provided encryption scheme to select the most encrypted encryption method to the encryption scheme through the use of the public key obtained before encryption, return to the client client received the server returned encryption scheme ciphertext, use their own private key to decrypt, obtain the specific encryption method, and then, The random code that generated the encryption, used as the key in the encryption process, after the use of the public key obtained from the server-side certificate to encrypt, sent to the server server to receive the message sent by the client, use their own private key to decrypt, obtain the symmetric encryption key, in the next session, The server and client will use the password for symmetric encryption to ensure the security of the information in the communication process.