SSL makes data transmission over the network more secure

Source: Internet
Author: User
Tags hmac

SSL is a secure transmission protocol. Its full name is Secure Sockets Layer. The protocol was initially developed by Netscape and has become a global standard for identifying websites and web page viewers on the Internet and for encrypted communication between browser users and web servers. Because SSL support is built into all major browsers and web server programs, you only need to install a digital certificate, or server certificate, to activate this function on the server.

How SSL works

The SSL protocol consists of the Handshake Protocol and the Record Protocol. The Handshake Protocol is used to negotiate a key; most of the protocol's content describes how the communicating parties use it to negotiate a key securely. The Record Protocol defines the transmission format.

SSL is an optional layer between HTTP and TCP. Accessing a web page through SSL involves the following steps:

1. User:
Enter https://www.sslserver.com in the address bar of the browser

2. HTTP layer: translates the user's request into an HTTP request, for example:
GET /index.htm HTTP/1.1
Host: www.sslserver.com

3. SSL layer: uses the channel of the lower-layer protocol to securely negotiate an encryption key and uses this key to encrypt the HTTP request.

4. TCP layer: establishes a connection with port 443 of the server to transmit the data processed by SSL.

5. The receiving end is the server.

SSL establishes an encrypted channel over TCP. Data passing through this layer is encrypted, which provides confidentiality.

If the above is unclear, here is a more vivid analogy. Assume that A communicates with B, where A is the SSL client and B is the SSL server. Encrypted messages are placed in square brackets [] to distinguish them from plaintext messages. Descriptions of the actions taken by each party are enclosed in parentheses ().

A: I want to talk to you securely. I support the symmetric encryption algorithms DES and RC5, the key exchange algorithms RSA and DH, and the digest algorithms MD5 and SHA.
B: Let's use the DES-RSA-SHA combination. This is my certificate. It contains my name and public key. You can use it to verify my identity. (Sends the certificate to A.) There is nothing else to say for now.
A: (Checks whether the name of B on the certificate is correct, and verifies the authenticity of B's certificate using the CA certificates it already holds. If either check fails, issues a warning and disconnects. This step ensures the authenticity of B's public key.)
(Generates a secret message which, after processing, is used as the encryption key, the encryption initialization vector, and the HMAC key. This secret message, the pre_master_secret in the protocol, is encrypted with B's public key and encapsulated in a message called ClientKeyExchange. Because B's public key is used, a third party cannot eavesdrop on it.)
I generated a secret message and encrypted it with your public key. Here it is. (Sends ClientKeyExchange to B.)
Note: from now on I will send messages to you encrypted!
(Processes the secret message to generate the encryption key, the encryption initialization vector, and the HMAC key.)
[I have finished]
B: (Uses its own private key to decrypt the secret message in ClientKeyExchange, then processes the secret message to generate the encryption key, the encryption initialization vector, and the HMAC key. At this point, both parties have securely negotiated a set of encryption parameters.)
Note: I am also starting to send messages to you encrypted!
[I have finished]
A: [my secret is...]
B: [what other people won't hear...]
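
The "process the secret message" step in the dialogue above, as an added example that is not part of the original article: it follows the SSL 3.0 key derivation (RFC 6101) with key sizes for the DES-RSA-SHA suite, and assumes the pre_master_secret has already been delivered in ClientKeyExchange. The client and server random values, the constructed sample inputs and the simplified HMAC-SHA1 record check are assumptions made for illustration.

```python
import hashlib
import hmac

# Key material sizes for the DES-RSA-SHA suite: SHA-1 MAC key, DES key, DES-CBC IV.
MAC_LEN, KEY_LEN, IV_LEN = 20, 8, 8

def ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """SSL 3.0 expansion: MD5(secret + SHA1(label + secret + seed)) blocks,
    using the labels 'A', 'BB', 'CCC', ... until enough bytes exist."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Turn the pre_master_secret into per-direction MAC keys, cipher keys and IVs."""
    master = ssl3_expand(pre_master, client_random + server_random, 48)
    # The key block uses the two random values in the opposite order.
    block = ssl3_expand(master, server_random + client_random,
                        2 * (MAC_LEN + KEY_LEN + IV_LEN))
    names = ["client_mac", "server_mac", "client_key", "server_key",
             "client_iv", "server_iv"]
    sizes = [MAC_LEN, MAC_LEN, KEY_LEN, KEY_LEN, IV_LEN, IV_LEN]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def record_mac(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Simplified record MAC: HMAC-SHA1 over sequence number + payload."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha1).digest()

def verify_record(mac_key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    """Constant-time check that a record was not altered or reordered."""
    return hmac.compare_digest(record_mac(mac_key, seq, payload), tag)

# Constructed sample values (not captured traffic).
PRE_MASTER = b"\x03\x00" + bytes(range(46))   # 2-byte version + 46 secret bytes
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    for name, value in derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:10s} {value.hex()}")
```

A and B each run `derive_keys` on their own side; because both hold the same pre_master_secret and random values, they arrive at identical keys without ever sending those keys over the network.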

Where can SSL be applied?

From the principle introduced above, we can see that using the SSL protocol effectively enhances the confidentiality of information in transit. We can therefore apply it to secure access to web servers and to the secure transmission of email. For example, the Shangyi website enterprise mailbox (https://mail.corpease.net/cgi-bin/domainadmin) uses it in this way.

The simplest and most direct way to identify whether a website has enabled the SSL security protocol is to view its website information. Generally, URLs start with http://; after the security protocol is adopted, the URL starts with https://, with an additional S.
