Original author: Sahara, UC International Research and Development
Welcome to the "UC International Technology" public account. We publish high-quality technical articles, both original and translated, on client, server, algorithm, testing, data, front-end and related topics.
1. Introduction to HTTPS
1.1 What is HTTPS?
HTTPS is the secure version of the Hypertext Transfer Protocol: it is HTTP carried over a secure transport layer (SSL/TLS) inserted between HTTP and TCP. SSL is the predecessor of TLS; after the IETF took over standardization the protocol was renamed TLS. The last SSL version is 3.0, and the later versions are TLS 1.0, 1.1, 1.2 and 1.3 (SSL 3.0, TLS 1.0 and TLS 1.1 are now deprecated and should not be enabled on new deployments).
1.2 Why Use HTTPS?
HTTPS was created to solve the problems of HTTP. To understand why HTTPS is used, you first need to know what those problems are. HTTP is widely used and works well, but because it transmits everything in plaintext it has several security problems:
- Eavesdropping risk. Because the transmission is in plaintext, any node on the network path (a router, a proxy, a shared Wi-Fi access point) can read the content.
- Tampering risk. Because the transmission is in plaintext, an attacker who can intercept the content can also modify it in transit, and HTTP itself has no way to verify packet integrity.
- Impersonation risk. The client cannot verify the true identity of the party it is talking to, so a server can be impersonated.
HTTPS was born to solve these problems. It encrypts the transmission to address eavesdropping, uses integrity checks (a MAC, or an AEAD cipher mode) to ensure that messages are not tampered with, and gives each site a certificate so that its identity can be verified. The certificate carries the site's public key, the signature algorithm used by the issuer and other identifying information; it never contains the private key.
1.3 How Does HTTPS Ensure Transmission Security?
Three kinds of cryptographic algorithms are involved: asymmetric (public-key) encryption, symmetric encryption and digest (hash) algorithms. A digest is one-way and cannot be reversed, so it cannot be used to carry data. Asymmetric encryption is reversible (what is encrypted with the public key can be decrypted with the private key) and offers strong security guarantees, but it is computationally expensive, so using it to encrypt every byte of a connection would cost far too much.
Symmetric encryption is also reversible and is much faster than asymmetric encryption, which makes it the right tool for bulk data. Therefore HTTPS uses a symmetric algorithm for the data transmission itself.
To get the symmetric key to the client safely, HTTPS relies on asymmetric cryptography: the client encrypts the key material to the server's public key (or, with Diffie-Hellman, both sides derive it from exchanged public values). But the public key itself is sent to the client in plaintext, so an attacker on the path can replace it with their own and sit between the two parties, decrypting and re-encrypting everything: a man-in-the-middle attack. To defeat this, HTTPS introduces digital certificates, which bind a public key to a site's identity through the signature of a trusted issuer.
From this we can see that HTTPS needs to agree on a lot of information before any data flows. Which asymmetric algorithm is used for key exchange? Which symmetric algorithm for the data? What certificate does the server present? How do the client and server negotiate all of this? That negotiation is the TLS handshake we often hear about: it fixes these variables and thereby establishes the so-called secure link. The general flow of a TLS 1.2 handshake is shown in the figure below (TLS 1.3 restructures the handshake and is not covered here):
Let's walk through the key steps using a capture of the handshake with https://www.baidu.com.
- Client Hello
Client Hello is the first step of the handshake. It is sent by the client and contains:
1. The highest TLS version the client supports
2. A 32-byte client random, used later in deriving the symmetric keys
3. The list of cipher suites the client supports, in order of preference
4. Extensions, such as SNI (the hostname being requested) and the supported elliptic curves
- Server Hello
1. The server chooses the TLS version, the highest it supports up to the client's maximum
2. From the client's cipher suite list it selects the cipher suite to use, which fixes the key exchange algorithm, the symmetric algorithm for data transmission and the MAC or AEAD mode
3. It generates its own 32-byte server random for key derivation
- Server Certificate
The server returns its certificate. What is actually sent is a certificate chain: the site certificate followed by the intermediate CA certificate(s), so that the client can build a path to a trusted root.
- Server Key Exchange
This step depends on the cipher suite that was chosen.
If the suite uses DHE or ECDHE for key exchange, the symmetric key is derived independently by the client and the server from Diffie-Hellman values, so each side has to send the other an ephemeral public value. The server sends its value in Server Key Exchange, signed with the private key of its certificate; that signature is what ties the key exchange to the server's identity, and because the values are ephemeral and discarded after the session, the suite provides forward secrecy.
If the suite uses RSA key exchange, the client generates a pre-master secret, encrypts it with the public key from the server's certificate and sends it; the server decrypts it and both sides derive the keys from it. No Server Key Exchange message is needed, but there is also no forward secrecy: anyone who later obtains the server's private key can decrypt recorded sessions.
- Client Key Exchange
As described above, with DHE or ECDHE the client sends its own ephemeral public value, which the server uses to compute the same shared secret.
With RSA, the client sends the pre-master secret encrypted with the server's public key.
After this step both client and server can derive the symmetric keys used for the rest of the connection: the pre-master secret, the client random and the server random are fed into the TLS PRF to produce the master secret, and from the master secret the encryption keys and IVs.
- Change Cipher Spec and Finished
As the figure shows, after Client Key Exchange each side sends Change Cipher Spec, which simply announces that everything from now on is protected with the negotiated cipher suite and keys. It is immediately followed by a Finished message, the first encrypted message of the connection: it carries a value computed with the PRF from the master secret and a hash of all the handshake messages sent and received so far. The receiving side recomputes this value over its own view of the handshake and compares. This serves two purposes: it confirms that both sides derived the same symmetric keys, and it detects any tampering with the handshake messages (for example an attacker stripping strong cipher suites out of the Client Hello), since the two transcript hashes would then differ.
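The key-derivation and Finished logic of the handshake above, as an added worked example that is not part of the original article. It models the (EC)DHE path with finite-field Diffie-Hellman over the RFC 2409 "group 2" prime (1024 bits, chosen only because the constant fits on the page; real deployments use 2048-bit+ groups or ECDHE, where modular exponentiation is replaced by elliptic-curve scalar multiplication but the logic is identical), the TLS 1.2 PRF from RFC 5246, and a constructed transcript in place of real TLS message framing. The signature on Server Key Exchange and the certificate are left out; the example shows why the Finished check catches a modified Client Hello even though both sides still derive identical keys.

```python
import hashlib
import hmac
import secrets

# Added example: TLS 1.2 style key derivation with ephemeral Diffie-Hellman.
# RFC 2409 "group 2": 1024-bit MODP prime, generator 2. Too small for
# production; used here only because the constant is short.
MODP_1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GENERATOR = 2
PUB_LEN = 128  # bytes in a big-endian 1024-bit public value


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()    # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def dh_keypair():
    """Ephemeral private exponent and public value g^x mod p."""
    priv = secrets.randbelow(MODP_1024 - 2) + 1
    return priv, pow(GENERATOR, priv, MODP_1024)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    """Shared secret; reject degenerate peer values (0, 1, p-1) before use."""
    if not 1 < peer_pub < MODP_1024 - 1:
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, MODP_1024).to_bytes(PUB_LEN, "big")


def derive_keys(premaster: bytes, client_random: bytes, server_random: bytes):
    """Master secret, then the key block for an AEAD suite such as
    AES-128-GCM: two 16-byte write keys and two 4-byte IVs, no MAC keys."""
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    kb = prf(master, b"key expansion", server_random + client_random, 40)
    keys = {"client_write_key": kb[0:16], "server_write_key": kb[16:32],
            "client_write_iv": kb[32:36], "server_write_iv": kb[36:40]}
    return master, keys


def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """verify_data carried in Finished: PRF over the hash of the transcript."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


def run_handshake(tamper: bool = False) -> dict:
    """Simulate both sides. With tamper=True an on-path attacker rewrites the
    ClientHello the server receives (a downgrade attempt); the DH values are
    untouched, so the keys still match but the Finished check fails."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    server_priv, server_pub = dh_keypair()   # Server Key Exchange (signed in real TLS)
    client_priv, client_pub = dh_keypair()   # Client Key Exchange
    # Constructed transcript: stand-in labels for the real TLS message encoding.
    client_hello = b"ClientHello" + client_random + b"suites:ECDHE-RSA-AES128-GCM-SHA256"
    server_view_hello = client_hello.replace(b"AES128-GCM", b"RC4-MD5") if tamper else client_hello
    rest = (b"ServerHello" + server_random
            + b"ServerKeyExchange" + server_pub.to_bytes(PUB_LEN, "big")
            + b"ClientKeyExchange" + client_pub.to_bytes(PUB_LEN, "big"))
    client_transcript, server_transcript = client_hello + rest, server_view_hello + rest
    # Each side derives the premaster secret locally; it never crosses the wire.
    c_master, c_keys = derive_keys(dh_shared(client_priv, server_pub), client_random, server_random)
    s_master, s_keys = derive_keys(dh_shared(server_priv, client_pub), client_random, server_random)
    # Client sends Finished; the server recomputes it over its own transcript.
    client_finished = finished_verify_data(c_master, b"client finished", client_transcript)
    expected = finished_verify_data(s_master, b"client finished", server_transcript)
    return {"keys_match": c_keys == s_keys,
            "client_finished_ok": hmac.compare_digest(client_finished, expected)}


if __name__ == "__main__":
    print(run_handshake())             # {'keys_match': True, 'client_finished_ok': True}
    print(run_handshake(tamper=True))  # {'keys_match': True, 'client_finished_ok': False}
```

Note that the tampered run still reports matching keys: key derivation alone says nothing about what the other side saw, which is exactly why the Finished message is computed over the whole handshake transcript and not only over the secrets.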
2. Certificate management
2.1 What is a Certificate?
We have mentioned certificates several times above, but what is a certificate? A certificate is an identity document used in network communication. It contains the subject (who it was issued to, for a site certificate the hostname), the subject's public key, the issuer, the issuer's signature, the validity period and the signature algorithm, among other fields.
2.2 Which Certificates Are Trusted?
A certificate is an identity document, so how do we know that the document can be trusted? First let's look at how a certificate is signed and verified:
As shown above, when a certificate is issued, the issuer (the signer in the figure) computes a digest of the certificate's contents with the digest algorithm, signs that digest with its own private key and writes the signature into the certificate. A party that receives the certificate recomputes the digest of the contents with the algorithm named in the certificate, and uses the issuer's public key (taken from the issuer's own certificate, not from the certificate being checked) to recover the digest that the issuer signed. If the two values match, the contents have not been tampered with since the issuer signed them.
Now we know how a certificate is created and verified, but even if the contents have not been tampered with, that alone does not make the certificate trustworthy: an attacker can generate their own key pair, sign a certificate for any name with it and hand it to you, and the signature will check out. So we must also know whether the issuer is trustworthy. This is where the certificate chain comes in, as shown below:
As mentioned in the TLS handshake in section 1.3, the server does not send a single certificate but a chain that includes the intermediate certificate(s). To decide whether the issuer of a site certificate is trusted, we verify the issuer's certificate in the same way, and then its issuer's, layer by layer.
Where does this walk up the chain end?
Most people have heard of CAs, the certificate authorities. A CA is an organization that is widely recognised as trustworthy, and operating systems and browsers ship with the CA root certificates preinstalled; those roots, and the intermediate certificates they sign, are treated as trusted. A user can also manually add a certificate they trust to this list (this is how corporate TLS-inspecting proxies and local development CAs work, and also why adding a root should never be done casually). When walking the chain, as soon as we reach a certificate that is already in the trust list, we consider the site certificate trusted. Even then the browser applies further checks and will still warn if, for example, a certificate in the chain has expired, the hostname does not match, or the signature algorithm is no longer considered secure.
Here is the Chrome trust list:
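To make the issue/verify/chain-walk steps of section 2.2 concrete, here is an added toy PKI in Python. It is not from the original article and does not use real X.509: the certificate is a dict, the canonical encoding is sorted JSON instead of DER, and signatures are textbook RSA over a SHA-256 digest with 512-bit keys and no padding, which is insecure and is only there to keep the chain logic visible. The names, validity values and the "Evil CA" scenario are constructed for this example. The last result shows why verifying a signature with the public key inside the same certificate (rather than the issuer's key) proves nothing: an attacker's self-signed root passes that check.

```python
import hashlib
import json
import math
import secrets

# Added example: toy certificate chain validation (textbook RSA, NOT secure).


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def rsa_keypair(bits: int = 512):
    """Return (public, private) as dicts. 512 bits is a toy size."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}


def digest(tbs: dict) -> int:
    """Digest of the to-be-signed fields over a canonical encoding (JSON here, DER in X.509)."""
    return int.from_bytes(hashlib.sha256(json.dumps(tbs, sort_keys=True).encode()).digest(), "big")


def issue(subject, subject_pub, issuer_name, issuer_priv, not_before, not_after, ca=False):
    """Issuer digests the certificate body and signs the digest with its private key."""
    tbs = {"subject": subject, "issuer": issuer_name, "pub": subject_pub,
           "not_before": not_before, "not_after": not_after, "ca": ca}
    return {"tbs": tbs, "sig": pow(digest(tbs), issuer_priv["d"], issuer_priv["n"])}


def signature_ok(cert, issuer_pub) -> bool:
    """Recover the signed digest with the ISSUER's public key and compare."""
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == digest(cert["tbs"])


def validate_chain(chain, trust_anchors, now):
    """chain[0] is the leaf followed by intermediates; trust_anchors maps name -> trusted cert."""
    for i, cert in enumerate(chain):
        tbs = cert["tbs"]
        if not tbs["not_before"] <= now <= tbs["not_after"]:
            return False, f"{tbs['subject']}: outside validity period"
        # The issuer is the next cert in the chain, or a trust anchor for the last one.
        issuer = chain[i + 1] if i + 1 < len(chain) else trust_anchors.get(tbs["issuer"])
        if issuer is None:
            return False, f"{tbs['subject']}: issuer {tbs['issuer']!r} not in trust list"
        if issuer["tbs"]["subject"] != tbs["issuer"] or not issuer["tbs"]["ca"]:
            return False, f"{tbs['subject']}: issuer mismatch or issuer is not a CA"
        if not signature_ok(cert, issuer["tbs"]["pub"]):
            return False, f"{tbs['subject']}: bad signature"
    return True, "chain ends at a trust anchor"


def demo(now: int = 100) -> dict:
    """Constructed scenario: a legitimate chain, an attacker's own CA, a tampered leaf, expiry."""
    root_pub, root_priv = rsa_keypair()
    inter_pub, inter_priv = rsa_keypair()
    leaf_pub, _ = rsa_keypair()
    root = issue("Example Root CA", root_pub, "Example Root CA", root_priv, 0, 1000, ca=True)
    inter = issue("Example Intermediate", inter_pub, "Example Root CA", root_priv, 0, 500, ca=True)
    leaf = issue("www.example.com", leaf_pub, "Example Intermediate", inter_priv, 50, 150)
    anchors = {"Example Root CA": root}            # what the OS/browser ships
    evil_pub, evil_priv = rsa_keypair()            # attacker signs the same hostname
    evil_root = issue("Evil CA", evil_pub, "Evil CA", evil_priv, 0, 1000, ca=True)
    evil_leaf = issue("www.example.com", leaf_pub, "Evil CA", evil_priv, 50, 150)
    tampered = {"tbs": dict(leaf["tbs"], subject="www.evil.example"), "sig": leaf["sig"]}
    return {
        "valid": validate_chain([leaf, inter], anchors, now)[0],
        "attacker_ca": validate_chain([evil_leaf, evil_root], anchors, now)[0],
        "tampered": validate_chain([tampered, inter], anchors, now)[0],
        "expired": validate_chain([leaf, inter], anchors, now=200)[0],
        # Checking a cert against its OWN key passes for any self-signed cert:
        "self_signed_checks_out_with_own_key": signature_ok(evil_root, evil_root["tbs"]["pub"]),
    }
```

Real validators additionally check hostname against the subject, key usage and basic constraints, path length, name constraints and revocation status; the structure of the walk, however, is the one above.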
2.3 How Can a Certificate Be Revoked?
Sometimes a certificate must be withdrawn before it expires: its private key has leaked, the algorithm it uses is no longer secure, and so on. Either party can check the status of each certificate in the chain using the status URLs embedded in the certificate. There are two revocation mechanisms:
Certificate Revocation List (CRL): a signed list of all certificates the CA has revoked, published periodically (or on each update) and fetched over HTTP. This approach has two drawbacks: the file keeps growing, and a client may cache the CRL and therefore not learn about a newly revoked certificate until the cache expires.
Online Certificate Status Protocol (OCSP): the client asks the CA's responder for the status of one specific certificate in real time. One caveat practitioners should know: most browsers treat an unreachable OCSP responder as a soft failure and continue, so an attacker who can block the OCSP query can hide a revocation. OCSP stapling, where the server attaches a recent signed OCSP response to its handshake, removes both the extra round trip and this gap.
3. Cipher suites
3.1 What Is a Cipher Suite?
Besides the certificate, the TLS handshake involves another term we have not yet explained: the cipher suite. What is a cipher suite? See the figure below:
In the figure, each line is one cipher suite. The first field is the suite's name, and the following fields describe what it is made of. Cipher suites are the foundation of HTTPS security; each one fixes a key exchange algorithm, an authentication (signature) algorithm, a symmetric encryption algorithm and an integrity (MAC) algorithm.
Kx is the key exchange algorithm, used during the handshake to agree on the symmetric key. Au is the authentication algorithm, used during the handshake to verify the server's signature (the certificate's key type must match it, so an ECDSA suite needs an ECDSA certificate). Enc is the symmetric algorithm used for data transmission once the handshake has completed. Mac is the integrity algorithm that protects each record against tampering. Where the figure shows Mac=AEAD, the symmetric algorithm itself (for example AES-GCM or ChaCha20-Poly1305) provides both confidentiality and integrity, so no separate MAC algorithm is needed.
3.2 How to Choose a Cipher Suite
Choosing a cipher suite is mainly a matter of security and performance. The mainstream key exchange algorithm today is ECDHE: ephemeral Diffie-Hellman over elliptic curves, which is much faster than finite-field DH at the same security level and, because the keys are ephemeral, provides forward secrecy. The mainstream symmetric algorithm is AES in GCM mode, an AEAD mode whose encryption and decryption can be computed in parallel and which has dedicated hardware support on Intel processors (AES-NI); ChaCha20-Poly1305 is the usual alternative on devices without that hardware support. Suites with RSA key exchange, CBC-mode ciphers with a separate MAC, RC4, 3DES or export-grade ciphers should be disabled.
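The figure in section 3.1 is the output format of `openssl ciphers -v`. As an added example (not from the original article), the Python below parses that format into its Kx/Au/Enc/Mac fields and applies the selection rule from this section: require forward-secret key exchange and an AEAD mode, and reject legacy ciphers and protocols. The sample lines are constructed for this example in the layout OpenSSL prints, and the policy thresholds are this example's choice, not a standard. The last function runs the same policy over the cipher list that the local OpenSSL build actually enables, using the standard-library `ssl` module, so you can audit your own client configuration offline.

```python
import re
import ssl

# Added example: parse `openssl ciphers -v` lines and apply a cipher suite policy.

# Constructed sample in the format OpenSSL prints (name, protocol, Kx=, Au=, Enc=, Mac=).
SAMPLE_CIPHERS_V = """\
TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any  Au=any  Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(128)            Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-SHA256       TLSv1.2 Kx=DH   Au=RSA  Enc=AES(256)               Mac=SHA256
AES128-GCM-SHA256           TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(128)            Mac=AEAD
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA  Enc=3DES(168)              Mac=SHA1
RC4-SHA                     SSLv3   Kx=RSA  Au=RSA  Enc=RC4(128)               Mac=SHA1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")
WEAK_ENC_RE = re.compile(r"(RC4|3DES|DES|NULL|EXP)")
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")


def parse_cipher_line(line: str):
    """Split one `openssl ciphers -v` line into its components; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    name, proto, kx, au, enc, mac = m.groups()
    return {"name": name, "protocol": proto, "kx": kx, "au": au, "enc": enc, "mac": mac}


def evaluate(suite: dict) -> list:
    """Reasons to reject the suite; an empty list means it is acceptable."""
    reasons = []
    # Kx=RSA: the premaster secret is encrypted to the server's long-term key, so a
    # leaked key decrypts recorded traffic. TLS 1.3 suites report Kx=any because
    # the protocol itself only allows (EC)DHE, so they pass this check.
    if suite["kx"] == "RSA":
        reasons.append("no forward secrecy (RSA key exchange)")
    if suite["mac"] != "AEAD":
        reasons.append("non-AEAD (separate MAC, CBC padding oracle history)")
    if WEAK_ENC_RE.match(suite["enc"]):
        reasons.append(f"weak cipher {suite['enc']}")
    if suite["protocol"] in LEGACY_PROTOCOLS:
        reasons.append(f"legacy protocol {suite['protocol']}")
    return reasons


def audit(text: str):
    """Return (accepted names in input order, {rejected name: reasons})."""
    accepted, rejected = [], {}
    for line in text.splitlines():
        suite = parse_cipher_line(line)
        if suite is None:
            continue
        reasons = evaluate(suite)
        if reasons:
            rejected[suite["name"]] = reasons
        else:
            accepted.append(suite["name"])
    return accepted, rejected


def audit_local_openssl():
    """Same policy over what the local OpenSSL enables by default (stdlib, offline)."""
    ctx = ssl.create_default_context()
    return audit("\n".join(c["description"] for c in ctx.get_ciphers()))


if __name__ == "__main__":
    accepted, rejected = audit(SAMPLE_CIPHERS_V)
    print("accepted:", accepted)
    for name, reasons in rejected.items():
        print("rejected:", name, "->", "; ".join(reasons))
    print("local OpenSSL:", audit_local_openssl())
```

To enforce the same rule on a Python client or server, `ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")` restricts the TLS 1.2 suites offered; TLS 1.3 suites are AEAD-only and forward secret by construction and are controlled separately.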