Https

There are CA awarding authorities

Root Certificate -> Intermediate Certificate -> User Certificate

A certificate verifies the identity validity of both parties

tls1.3

Client_random Client_paras encryption suite algorithm RSA ECDHE (forward security generates temporary secret every time)

The server gives the client a digital signature containing its own public key and certificate server_random + server_paras + encryption suite

The client decrypts the signature with its own CA certificate chain. If the decryption succeeds, there is no manin the middle attack

pre_random = server_paras + clent_paras

Encryption with the public key of the server secret = client_radom + server_RANDOM + pre_random

Send server server decrypts secret with private key

Then send the end message and both parties verify

www.zhihu.com/question/37…

Juejin. Cn/post / 684490…