HTTPS protocol in detail (ii): how TLS/SSL works

Source: Internet
Author: User
Tags: asymmetric encryption

The main functions of the HTTPS protocol depend almost entirely on the TLS/SSL protocol, so this section analyzes how TLS/SSL works.
TLS/SSL is built on three kinds of basic algorithms: hash functions, symmetric encryption and asymmetric encryption. Asymmetric encryption is used for identity authentication and key negotiation, the symmetric cipher uses the negotiated key to encrypt the data, and the hash function is used to verify the integrity of the information.


Hash function
Common examples are MD5, SHA-1 and SHA-256. A hash function is one-way (irreversible), extremely sensitive to its input and produces a fixed-length output: any modification of the data changes the result, so it is used to detect tampering and verify the integrity of the data. Note that MD5 and SHA-1 are no longer collision-resistant; modern TLS cipher suites rely on the SHA-2 family (SHA-256 and above).
During transmission, a hash alone cannot prevent tampering: the message travels in clear text, so a middleman can modify the message and simply recompute the digest. The transmitted message and its digest therefore need to be protected as well. In TLS this means a keyed digest (HMAC with a shared key) or an AEAD cipher, so that only a party holding the key can produce a digest that verifies.
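The tampering scenario above, as an added Go example that is not part of the original article: the middleman rewrites the body and recomputes a plain SHA-256 digest, which still verifies, whereas a keyed digest (HMAC-SHA256 with a secret the middleman does not hold) rejects the modified body. The message contents and the shared key are constructed sample values; in TLS the key would come from the handshake described later on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Message is what travels over the wire: the payload plus the sender's digest.
type Message struct {
	Body   []byte
	Digest []byte
}

// sealWithHash computes a plain, unkeyed SHA-256 digest over the body.
func sealWithHash(body []byte) Message {
	sum := sha256.Sum256(body)
	return Message{Body: body, Digest: sum[:]}
}

// verifyHash recomputes the digest and compares it in constant time.
func verifyHash(m Message) bool {
	sum := sha256.Sum256(m.Body)
	return hmac.Equal(sum[:], m.Digest)
}

// sealWithHMAC computes HMAC-SHA256 keyed with a secret shared by both parties.
func sealWithHMAC(key, body []byte) Message {
	mac := hmac.New(sha256.New, key)
	mac.Write(body)
	return Message{Body: body, Digest: mac.Sum(nil)}
}

// verifyHMAC needs the same key, so a middleman without it cannot produce a
// valid tag for a modified body.
func verifyHMAC(key []byte, m Message) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(m.Body)
	return hmac.Equal(mac.Sum(nil), m.Digest)
}

// tamperPlainHash models the middleman from the text: replace the body and
// recompute the unkeyed digest. The forged message still verifies.
func tamperPlainHash(newBody []byte) Message {
	return sealWithHash(newBody)
}

// tamperHMAC models the same middleman against a keyed digest: without the key
// the best it can do is replace the body and keep the old tag.
func tamperHMAC(m Message, newBody []byte) Message {
	return Message{Body: newBody, Digest: m.Digest}
}

func main() {
	key := []byte("shared-secret-from-key-exchange") // constructed sample key
	orig := []byte("transfer 100 to alice")           // constructed sample body
	forged := []byte("transfer 100 to mallory")

	m1 := sealWithHash(orig)
	fmt.Println("plain hash, tampered, verifies:", verifyHash(tamperPlainHash(forged)))
	fmt.Println("original digest:", hex.EncodeToString(m1.Digest))

	m2 := sealWithHMAC(key, orig)
	fmt.Println("HMAC, tampered, verifies:", verifyHMAC(key, tamperHMAC(m2, forged)))
	fmt.Println("HMAC, untouched, verifies:", verifyHMAC(key, m2))
}
```

hmac.Equal is used for both comparisons so that a verifier never leaks, through timing, how many leading bytes of a guessed digest were right.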
Symmetric encryption
Common examples are AES-CBC, AES-GCM, DES and 3DES (DES and 3DES are obsolete and are not used in modern TLS). The same key is used both to encrypt and to decrypt, so whoever holds the key can read the information; this is what prevents eavesdropping. Communication is 1-to-1.
Symmetric encryption is fast, but both parties must share the same secret key, and the secrecy of that key is the basis of the security of the information. A server talking to N clients would have to maintain N separate keys, and the cipher itself offers no mechanism to distribute those keys safely or to change them.
Asymmetric encryption
The most common algorithm is RSA; ECC and DH also belong to this family (DH is used for key agreement rather than for encryption). Keys come in pairs: a public key, which can be shared freely, and a private key, which is kept secret. Information encrypted with the public key can only be decrypted with the private key, and a value produced with the private key (a digital signature) can be verified by anyone holding the public key. Different clients that hold the same public key therefore cannot decrypt each other's messages; each can communicate confidentially only with the server that holds the private key, which lets one server serve many clients with a single key pair, and the client can also use the public key to verify that the server really holds the private key.
Asymmetric encryption is thus 1-to-many: the server only needs to maintain one private key to communicate with many clients. Its drawbacks are that anything the server produces with the private key can be read by every holder of the public key, so it cannot be used to send a secret to a single client, and that the algorithms are computationally expensive and far slower than symmetric ciphers.
Combining the properties of the three algorithms, the basic approach of TLS is: the client first uses asymmetric encryption to talk to the server, authenticating the server and negotiating a key for symmetric encryption; afterwards the message and its digest are encrypted with the negotiated key. Every connection gets its own symmetric key, so the information can only be read by the two communicating parties.
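The combined scheme described in this section, as an added Go example that is not code from the original article: the server signs the handshake randoms with its long-term RSA private key (step 1, authentication), the client verifies that signature with a trusted public key and encrypts a fresh pre-master secret to it (step 2, key negotiation), the server unwraps the secret (step 3), and both sides derive the same AES-256-GCM session key for the records. The following are assumptions of the example rather than facts from the page: the client's public key is pinned in advance as a stand-in for certificate validation; the key derivation is a deliberately simplified SHA-256 over the secret and the randoms rather than the TLS PRF or HKDF; and key transport by RSA encryption is the TLS 1.2 RSA cipher-suite style, which TLS 1.3 dropped in favour of (EC)DHE because it gives no forward secrecy.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Session is one side's view of the per-connection symmetric key.
type Session struct{ aead cipher.AEAD }

// authDigest binds the server's signature to this run's fresh randoms so an old
// signature cannot be replayed into a new handshake.
func authDigest(clientRandom, serverRandom []byte) []byte {
	d := sha256.Sum256(append(append([]byte("server-auth:"), clientRandom...), serverRandom...))
	return d[:]
}

// newSession derives the record key with a deliberately simplified KDF (SHA-256
// over the shared secret and both randoms; real TLS uses its PRF or HKDF).
func newSession(preMaster, clientRandom, serverRandom []byte) (*Session, error) {
	key := sha256.Sum256(append(append(append([]byte{}, preMaster...), clientRandom...), serverRandom...))
	block, err := aes.NewCipher(key[:]) // 32-byte key -> AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead}, nil
}

// Step 1 (server): prove possession of the long-term private key by signing the randoms.
func ServerAuthenticate(priv *rsa.PrivateKey, clientRandom, serverRandom []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, authDigest(clientRandom, serverRandom), nil)
}

// Step 2 (client): verify the signature with the trusted public key (pinned here,
// standing in for certificate validation), then encrypt a fresh pre-master
// secret to that key; only the holder of the private key can recover it.
func ClientNegotiate(serverPub *rsa.PublicKey, clientRandom, serverRandom, sig []byte) (*Session, []byte, error) {
	if err := rsa.VerifyPSS(serverPub, crypto.SHA256, authDigest(clientRandom, serverRandom), sig, nil); err != nil {
		return nil, nil, fmt.Errorf("server authentication failed: %w", err)
	}
	preMaster := make([]byte, 32)
	rand.Read(preMaster)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, preMaster, nil)
	if err != nil {
		return nil, nil, err
	}
	sess, err := newSession(preMaster, clientRandom, serverRandom)
	return sess, wrapped, err
}

// Step 3 (server): unwrap the pre-master secret and derive the same key.
func ServerAccept(priv *rsa.PrivateKey, clientRandom, serverRandom, wrapped []byte) (*Session, error) {
	preMaster, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return newSession(preMaster, clientRandom, serverRandom)
}

// Seal encrypts one record with AES-GCM: confidentiality plus an integrity tag in
// one step. A random nonce is fine for a demo; TLS uses a per-record counter.
func (s *Session) Seal(plaintext []byte) []byte {
	nonce := make([]byte, s.aead.NonceSize())
	rand.Read(nonce)
	return append(nonce, s.aead.Seal(nil, nonce, plaintext, nil)...)
}

// Open rejects any record whose ciphertext or tag was modified in transit.
func (s *Session) Open(record []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(record) < n {
		return nil, fmt.Errorf("record too short")
	}
	return s.aead.Open(nil, record[:n], record[n:], nil)
}

// Handshake runs steps 1-3 between a client trusting serverPub and a server holding
// priv, and returns both sides' sessions; a mismatched pair (impostor) fails at step 2.
func Handshake(priv *rsa.PrivateKey, serverPub *rsa.PublicKey) (*Session, *Session, error) {
	clientRandom, serverRandom := make([]byte, 32), make([]byte, 32)
	rand.Read(clientRandom)
	rand.Read(serverRandom)
	sig, err := ServerAuthenticate(priv, clientRandom, serverRandom)
	if err != nil {
		return nil, nil, err
	}
	cliSess, wrapped, err := ClientNegotiate(serverPub, clientRandom, serverRandom, sig)
	if err != nil {
		return nil, nil, err
	}
	srvSess, err := ServerAccept(priv, clientRandom, serverRandom, wrapped)
	return cliSess, srvSess, err
}
```

To exercise it, generate a server key with rsa.GenerateKey, call Handshake(priv, &priv.PublicKey), Seal a record on the client session and Open it on the server session; flipping any ciphertext bit makes Open fail, and a client handed a different public key fails in ClientNegotiate before any secret is sent. Because every run draws a fresh pre-master secret, two connections to the same server never share a record key, which is the per-connection key property the text ends on.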

