We all know that HTTPS encrypts information so that sensitive data cannot be read by third parties. That is why bank websites and email services with high security requirements use the HTTPS protocol.

Introduction to HTTPS

Hypertext Transfer Protocol Secure (abbreviated HTTPS; often called HTTP over TLS, HTTP over SSL or HTTP Secure)

HTTPS is actually composed of two parts: HTTP + SSL/TLS, that is, HTTP with an additional layer underneath it that handles the encryption of the traffic. Both the server and the client encrypt their data through TLS, so everything transmitted is encrypted. How the encryption, decryption and verification actually take place is shown in figure 1 below.

1. The client initiates an HTTPS request

The user types an HTTPS URL into the browser, which connects to port 443 on the server.

2. Configure the server

A server that uses HTTPS must have a digital certificate. You can create one yourself or apply for one from a certificate authority. The difference is that a self-made certificate must be explicitly accepted by the client before access can continue, whereas a certificate issued by a trusted authority does not trigger a warning page (StartSSL is a good choice, with a one-year free service). The certificate is tied to a pair of keys, one public and one private. If you are not familiar with public and private keys, think of them as a lock and a key: only you hold the key, but you can hand out copies of the lock to anyone. Other people can use the lock to secure something important and send it to you, and because only you hold the key, only you can open what the lock protects.

3. Transfer the certificate

The certificate essentially carries the public key, together with a lot of additional information such as the issuing authority, the expiration time and so on.

4. The client parses the certificate

This part of the work is done by TLS on the client side. First, it checks whether the certificate is valid: the issuing authority, the expiration time, and so on. If anything is wrong, a warning box pops up indicating that there is a problem with the certificate. If the certificate checks out, the client generates a random value and encrypts it with the public key from the certificate. In terms of the analogy above, the random value is locked so that nobody without the key can see what is inside.

5. Send encrypted information

This step transmits the random value encrypted with the certificate's public key. The purpose is to let the server obtain this random value, so that all further communication between the client and the server can be encrypted and decrypted with it.

6. The server decrypts the information

After decrypting with its private key, the server obtains the client's random value, which now acts as the shared secret key, and encrypts the content symmetrically with it. Symmetric encryption mixes the information with the secret key through some algorithm, so that unless you know the secret key you cannot recover the content. Both the client and the server know the secret key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is secure.

7. Transmit encrypted information

This information is encrypted by the server with the shared secret key and can be restored on the client.

8. The client decrypts information

The client decrypts the message sent by the server with the secret key it generated earlier and obtains the plaintext content. Even if a third party eavesdrops on the data, there is nothing they can do with it.
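The eight steps above, replayed with the openssl command line instead of a browser and a web server, as an added example that is not part of the original article. The script plays both roles in a temporary directory and never touches the network; the host name demo.example and the sample message are constructed placeholders. It follows the article's simplified picture (the client encrypts a random value with the server's public key); real TLS handshakes agree on the key through a more elaborate exchange, but the roles of certificate, private key and shared symmetric key are the same.

```shell
#!/bin/sh
# Added example (not from the original article). Requires the openssl CLI.
set -eu

https_handshake_demo() {
  work="$(mktemp -d)"

  # Step 2: the server creates a key pair and a self-signed certificate.
  # A real site would have a CA sign a request; demo.example is a placeholder.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=demo.example" \
    -keyout "$work/server.key" -out "$work/server.crt" 2>/dev/null

  # Step 3: the server sends only the certificate; the client extracts the public key.
  openssl x509 -in "$work/server.crt" -pubkey -noout > "$work/server.pub"

  # Step 4: the client inspects issuer, subject and validity window, and checks
  # the certificate against its trust store. Trusting the self-signed cert
  # explicitly with -CAfile is what "accepting the warning box" amounts to.
  openssl x509 -in "$work/server.crt" -noout -issuer -subject -dates >&2
  openssl verify -CAfile "$work/server.crt" "$work/server.crt" >&2

  # Step 4 (continued): the client generates the random value (constructed here
  # as 32 random bytes in hex) that will become the shared symmetric key.
  openssl rand -hex 32 > "$work/client.secret"

  # Step 5: the random value is encrypted with the server's public key and sent.
  openssl pkeyutl -encrypt -pubin -inkey "$work/server.pub" \
    -in "$work/client.secret" -out "$work/secret.enc"

  # Step 6: the server decrypts with its private key; both sides now hold the secret.
  openssl pkeyutl -decrypt -inkey "$work/server.key" \
    -in "$work/secret.enc" -out "$work/server.secret"
  cmp -s "$work/client.secret" "$work/server.secret"

  # Step 7: the server encrypts application data symmetrically with the shared key.
  printf 'account balance: 1234.56\n' > "$work/plain.txt"
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$work/server.secret" \
    -in "$work/plain.txt" -out "$work/cipher.bin"

  # Step 8: the client decrypts with the same key. An eavesdropper sees only
  # server.crt (public anyway), secret.enc and cipher.bin, none of which it can open.
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$work/client.secret" \
    -in "$work/cipher.bin" -out "$work/recovered.txt"

  # Return the recovered plaintext on stdout.
  cat "$work/recovered.txt"
  rm -rf "$work"
}

https_handshake_demo
```

The `openssl verify` line in step 4 is the check that matters most in practice: if the client skips it and accepts any certificate, whoever answers on port 443 can present their own key pair and read the "random value", so the symmetric encryption that follows protects nothing. Browsers perform exactly this check against their built-in trust store, which is why a self-made certificate produces the warning box the article mentions.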