This is the 8th day of my participation in the August More Text Challenge. For details, see “August More Text Challenge”.

Preface

“The colours of August are of gold, bright and precious; The colours of August are brewed with sunshine, fragrant and brilliant.”

For the days ahead, I hope you adjust yourself to your best state, work hard at your own pace, and get better little by little.

HTTP

HyperText Transfer Protocol (HTTP): an application-layer communication protocol between a browser (or another client program) and a web server.

HTTPS

HyperText Transfer Protocol over Secure Sockets Layer (HTTPS): it can be understood as HTTP + SSL/TLS. An SSL layer is added beneath HTTP, and SSL is the security foundation of HTTPS.

SSL (Secure Sockets Layer): developed by Netscape in 1994, SSL sits between TCP/IP and the various application-layer protocols to provide security for data communication.

Transport Layer Security (TLS): its predecessor is SSL, whose first several versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape. Starting with version 3.1 in 1999, the IETF standardized it and renamed it TLS. To date there have been three versions (TLS 1.0, TLS 1.1, TLS 1.2). SSL 3.0 and TLS 1.0 are rarely used because of security vulnerabilities. TLS 1.3 is still in the draft stage and subject to major changes. Currently, TLS 1.1 and TLS 1.2 are the most widely used.

Working process of SSL/TLS

  • Public keys are exchanged through the CA system
  • The key used for symmetric encryption is exchanged by means of an asymmetric encryption algorithm
  • Normal network communication is then encrypted with a symmetric encryption algorithm

A CA acts like a notary office: it vouches for the authenticity of digital certificates. CA certification usually requires a fee.

  • A client accesses a web server that has been certified by a CA

  • The server returns a digital certificate issued by the CA; the certificate contains the server's public key

    The server sends its SSL certificate to the client. The SSL certificate contains the following:

    1. The issuing CA
    2. The validity period of the certificate
    3. The public key
    4. The certificate owner
    5. The signature

  • The client receives the digital certificate and uses the CA certificate built into its browser to check it and obtain the server's public key

    When it receives the SSL certificate from the server, the client verifies that the certificate is genuine:

    1. First, the browser reads the certificate owner, the validity period and the other fields in the certificate and checks them one by one
    2. The browser looks up the trusted certificate authorities (CAs) built into the operating system and compares them with the CA named in the certificate sent by the server, to check whether the certificate was issued by a legitimate authority
    3. If it was not, the browser reports an error stating that the certificate sent by the server is untrustworthy
    4. If it was, the browser retrieves the issuing CA's public key from the operating system and uses it to decrypt the signature in the server's certificate
    5. The browser uses the same hash algorithm to compute the hash of the server's certificate and compares it with the value obtained from the signature in step 4
    6. If the two values match, the certificate sent by the server is valid and has not been forged
    7. The browser can then read the public key in the certificate and use it for the encryption that follows
  • The client uses the server's public key to encrypt the key that will be used for the subsequent symmetric encryption and sends it to the web server

    Because only the server holds the private key that can decrypt it, there is no need to worry about a man-in-the-middle intercepting the encrypted key

  • The server receives the encrypted key, decrypts it, and then uses the symmetric encryption algorithm for all subsequent network communication with the user
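The three-step summary above and the certificate check, key exchange and symmetric phase spelled out in this list, as one added example in Go (this code is not from the original post; only Go's standard library is used, so it runs offline). A self-signed root certificate stands in for the CA built into the browser; `issue`, `clientVerify`, `Handshake`, `must`, `serverName` and the host names are constructed for this example. It follows the post's model, in which the client encrypts the symmetric key with the server's public key (RSA key transport, as in the TLS 1.2 RSA key exchange); TLS 1.3 instead agrees the key with an ephemeral Diffie-Hellman exchange, which the example does not show.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed host name for the example; not taken from the post.
const serverName = "www.example.test"

// must covers steps that cannot fail for these fixed-size inputs (AES key, GCM, OAEP wrap).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a key pair for owner and has issuer sign a certificate carrying the new
// public key, the owner and a validity period. A nil issuer yields a self-signed root CA.
func issue(owner string, serial int64, issuer *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: owner}, // certificate owner
		NotBefore:    time.Now().Add(-time.Hour),  // validity period
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     []string{owner},
	}
	if issuer == nil { // root CA: signs itself and is allowed to sign others
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// clientVerify is the browser side: owner, validity, host name and issuer are checked against
// the built-in root; then steps 4-6 of the post are repeated by hand, hashing the signed part
// of the certificate and verifying the CA's RSA signature over it with the CA's public key.
func clientVerify(server, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: serverName}); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	digest := sha256.Sum256(server.RawTBSCertificate)
	return rsa.VerifyPKCS1v15(root.PublicKey.(*rsa.PublicKey), crypto.SHA256, digest[:], server.Signature)
}

// Handshake runs the post's flow end to end: issuer signs the server certificate, the client
// verifies it against root, sends a session key encrypted with the server's public key
// (RSA-OAEP), and the server decrypts the message sent under that key and returns it.
func Handshake(msg string, issuer *x509.Certificate, issuerKey *rsa.PrivateKey, root *x509.Certificate) (string, error) {
	serverCert, serverKey, err := issue(serverName, 2, issuer, issuerKey)
	if err != nil {
		return "", err
	}
	if err := clientVerify(serverCert, root); err != nil { // untrusted certificate: stop here
		return "", err
	}
	sessionKey := make([]byte, 32) // chosen by the client; crypto/rand.Read does not fail
	rand.Read(sessionKey)
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, serverCert.PublicKey.(*rsa.PublicKey), sessionKey, nil))
	serverSession, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil) // private key only
	if err != nil {
		return "", err
	}
	clientAEAD := must(cipher.NewGCM(must(aes.NewCipher(sessionKey))))   // client: the key it chose
	serverAEAD := must(cipher.NewGCM(must(aes.NewCipher(serverSession)))) // server: the key it recovered
	nonce := make([]byte, clientAEAD.NonceSize())
	rand.Read(nonce)
	plain, err := serverAEAD.Open(nil, nonce, clientAEAD.Seal(nil, nonce, []byte(msg), nil), nil)
	return string(plain), err
}

func main() {
	ca, caKey, _ := issue("ca.example.test", 1, nil, nil)
	rogue, rogueKey, _ := issue("rogue-ca.example.test", 3, nil, nil) // not in the client's trust store
	fmt.Println(Handshake("hello over the symmetric channel", ca, caKey, ca))
	fmt.Println(Handshake("intercepted?", rogue, rogueKey, ca))
}
```

Running it prints the message as the server recovered it, then an error for the certificate signed by the rogue CA: `Verify` fails with an unknown-authority error before any key is sent, which is the "certificate is untrustworthy" step of the list. `RawTBSCertificate` is the signed portion of the certificate, so hashing it and checking the CA's signature over it is exactly steps 5 and 6; `Verify` already performs that check internally, and the manual repeat is there only to make the step visible.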

Conclusion

If this post helped you, feel free to like 👍 and follow ⭐️

If there are any mistakes in this article, please correct them in the comments section 🙏🙏.

A detailed explanation and brief introduction to the working principle of SSL/TLS