The TLS profile

SSL, or Secure Sockets Layer, is the fifth layer of the OSI seven-layer network model. SSL was renamed TLS, or Transport Security Layer, by the Internet Engineering Group (IETF) in 1999. Currently the most widely used version is 1.2, so the following discussion is based on TLS 1.2.

TLS1.2 and TLS 1.3 differences

In TLS 1.2, generally four handshakes are required. The following encryption algorithms are negotiated through Client Hello (the first handshake) and Server Hello (the second handshake) messages, and public keys are exchanged (the third and fourth handshakes). The final session key is then calculated, and the TLS 1.2 handshake is shown on the left:

On the right side of the figure is the TLS 1.3 handshake. You can see that TLS 1.3 combines the Hello and public key exchange messages into one message, thus reducing the TLS handshake to only 1 RTT.

HTTPS

HTTPS stands for Hypertext Transfer Protocol Secure. It is used to Secure communication between two end systems on a computer network. HTTPS is a protocol and specification for the Secure transmission of text, pictures, audio, video and other hypertext data between two points in the computer world. HTTPS is an extension of THE HTTP protocol. It does not guarantee the security of transmission. Who does? In HTTPS, communication protocols are encrypted using transport Layer Security (TLS) or secure Sockets Layer (SSL). That is HTTP + SSL(TLS) = HTTPS.

If a site does not use HTPPS, Google Chrome will display an unsafe message.

HTTPS is not a new application layer protocol, but the HTTP communication interface is replaced by SSL and TLS. Typically, HTTP communicates directly with TCP first. After using HTTPS of SSL, it first evolves to communicate with SSL, and then SSL and TCP communicate. In other words, HTTPS is HTTP with SSL on top.

SSL is an independent protocol. Not only HTTP but also other application-layer protocols, such as SMTP(Email protocol) and Telnet(remote login protocol) can be used.

The working principle of

The following is the complete process of establishing a connection between the client and the server. Obviously, the first three TCP packets are three-way handshake packets.

The following is the communication process showing only TLS protocol

When the client initiates handshake negotiation, it sends a ClientHello message to the server. The ClientHello message specifies supported SSL/TLS versions and Cipher Suite encryption algorithms for the server to select and provides a random number for generating session keys.

The server returns a ServerHello message containing the selected protocol version, encryption algorithm, server random number, session ID, and so on. The protocol version selected by the server must be smaller than the protocol version set on the ClientHello client.

The server sends a ServerHello message. After the protocol version and encryption algorithm combination are selected, the server sends a Certificate message. The Certificate message contains information such as the server Certificate and can be authenticated through the Certificate chain. Depending on the combination of encryption algorithms chosen, the public key in the server certificate can also be used to encrypt the Premaster Secret generated during the subsequent handshake.

ServerKeyExchange message, which contains parameters related to the EC Diffie-Hellman algorithm on the server.

ServerHelloDone Message that tells the client server that the handshake related message is sent.

You can see from the packet that the two hours were sent together.

The Client sends a Client Key Exchange Change Cipher Spec message

The server sends a ChangeCipherSpec message informing the client that the server will then send data encrypted.

The rest of the data is encrypted.

The following is the communication process of TLS 1.3.

Some of the images are from the public accounts Xiaolin Coding and Java Builder

Reference documentation

By the end of this HTTPS, you’ll be fine with bickering with the interviewer

Byte two side: optimizing HTTPS means, do you know how many?

TLS Protocol Analysis