
HTTPS protocol

2022-09-23 07:36:56 · Welcome Big Brother to Little Brother Blog


HTTPS is built on a handful of cryptographic primitives, so here is a brief overview of them first.

  • One-way hash functions (not reversible; used to check whether data has been tampered with; digital signatures are built on top of them)
    • MD5
    • SHA family (SHA-1, SHA-256, ...)
    • Caveat: MD5 and SHA-1 are no longer collision resistant and must not be used for signatures or integrity checks; use SHA-256 or stronger
  • Symmetric encryption (the same key encrypts and decrypts)
    • DES (56-bit key, brute-forceable; obsolete)
    • 3DES (deprecated)
    • AES (the current standard)
    • Key distribution: both sides need the same secret. It can be agreed out of band, handed out by a key distribution center, or, as in TLS, established over the network with the help of asymmetric cryptography

Symmetric ciphers are fast and add little overhead, but the secret key has to reach the other party without being intercepted, and symmetric encryption alone cannot guarantee that.

  • Asymmetric encryption
    • RSA
    • Keys come in pairs: a public key, which can be published, and a private key, which stays with its owner
    • Solves the key distribution problem: anyone can encrypt to the public key, and only the holder of the private key can decrypt

Slower to encrypt and decrypt and produces larger ciphertexts, so it is unsuitable for bulk data, but it removes the need to share a secret in advance.

The weakness of symmetric encryption, then, is key distribution: if the key is sent in the clear it can be eavesdropped, and with it everything encrypted under it.

  • Hybrid cipher system (combines the speed of symmetric encryption with the key distribution properties of asymmetric encryption); the SSL/TLS used by HTTPS is a hybrid system

    • Generate a random session key and use symmetric encryption (e.g. AES) to encrypt the message
    • Use the receiver's public key to encrypt the session key, so only the receiver can recover it
    • Caveat: this is the RSA key exchange picture. TLS 1.2 with ECDHE (the mode discussed below) does not encrypt the session key with the server's public key; both sides derive it from an ephemeral Diffie-Hellman exchange, and the server's key is used only to sign that exchange, which gives forward secrecy. TLS 1.3 removed RSA key exchange entirely.
  • Digital signature

    • Generating a signature (done by the sender): the sender owns a key pair, hashes msg with a one-way hash, and signs the digest with the private key
      • Unlike encryption above, where the receiver's key pair is used, the signing key pair belongs to the sender
    • The sender transmits msg, the public key and the signature; the receiver recomputes the hash and verifies the signature with the public key, which detects whether msg has been tampered with and confirms it came from the holder of the private key
  • Certificates

    • Issued by a CA, or self-issued with OpenSSL (acting as your own certification authority; clients will only trust such a certificate if the root is installed on them)
    • Mainly used to prevent the public key from being swapped out and to verify that the public key belongs to the party it claims to

Public keys sent on their own can be intercepted and replaced: an attacker on the path substitutes their own public key, and the sender unknowingly encrypts to the attacker. A certificate binds the public key to an identity (for HTTPS, a hostname) under the CA's signature, so the receiver can check that binding against a CA it already trusts.
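The hybrid scheme and the digital signature described above, as an added example in Go using only its standard library (this is not code from the original post): the sender encrypts the message with a fresh AES-256-GCM session key, wraps that key with the receiver's RSA public key, and signs the ciphertext with the sender's own ECDSA key; the receiver checks the signature before unwrapping. The key sizes, the envelope layout and the sample request line are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is everything the sender transmits: the wrapped session key, the
// AES-GCM nonce and ciphertext, and the sender's signature over SHA-256(nonce || ciphertext).
type Envelope struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

func digest(nonce, ct []byte) []byte {
	s := sha256.Sum256(append(append([]byte{}, nonce...), ct...))
	return s[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is the sender's side of the hybrid scheme.
func seal(msg []byte, receiverPub *rsa.PublicKey, senderSign *ecdsa.PrivateKey) (*Envelope, error) {
	// 1. Fresh randomness for this message only: a 32-byte AES-256 key and a 12-byte GCM nonce.
	buf := make([]byte, 44)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	// 2. Encrypt the bulk message with the fast symmetric cipher.
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	// 3. Wrap the session key with the receiver's public key (RSA-OAEP): the key distribution step.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	// 4. Sign the hash of what is sent with the sender's own private key.
	sig, err := ecdsa.SignASN1(rand.Reader, senderSign, digest(nonce, ct))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// open is the receiver's side: verify the sender's signature first, then unwrap and decrypt.
func open(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *ecdsa.PublicKey) ([]byte, error) {
	if !ecdsa.VerifyASN1(senderPub, digest(env.Nonce, env.Ciphertext), env.Signature) {
		return nil, errors.New("signature check failed: tampered with, or not from the claimed sender")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // GCM's tag would also catch tampering
}

// roundTrip generates both parties' keys, sends msg, optionally flips one ciphertext
// byte in transit, and returns what the receiver recovered.
func roundTrip(msg string, tamper bool) (string, error) {
	receiver, err1 := rsa.GenerateKey(rand.Reader, 2048)
	sender, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		return "", err
	}
	env, err := seal([]byte(msg), &receiver.PublicKey, sender)
	if err != nil {
		return "", err
	}
	if tamper {
		env.Ciphertext[0] ^= 0x01
	}
	pt, err := open(env, receiver, &sender.PublicKey)
	return string(pt), err
}

func main() {
	fmt.Println(roundTrip("GET /account HTTP/1.1", false))
	fmt.Println(roundTrip("GET /account HTTP/1.1", true))
}
```

Two points the example makes concrete: the receiver's key pair is used for confidentiality (only the receiver can unwrap the session key) while the sender's key pair is used for the signature, and a single flipped byte in transit is rejected before any decryption is attempted.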

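The public-key substitution attack described above, and what a certificate does about it, as an added Go example that is not part of the original post. It builds a root CA with crypto/x509, issues a server certificate for a hostname, then lets an attacker issue a certificate for the same hostname from a CA they control (even with the same CA name), and shows that a client trusting only the genuine root accepts the first and rejects the second. The hostname, CA name, serial numbers and validity window are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs a certificate for pub from template with signer's key.
// For a self-signed root, parent is the template itself.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
}

func serverTemplate(host string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // clients match the hostname against SANs, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// verifyServerCert is the check a TLS client runs on the certificate it receives:
// the chain must end at a trusted root, and the certificate must be valid for
// host and for server authentication.
func verifyServerCert(cert *x509.Certificate, trusted *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     trusted,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// scenario builds a trusted CA with a legitimate certificate for host, then an
// attacker's certificate for the same host from a CA the attacker controls, and
// returns how a client that trusts only the genuine root judges each of them.
func scenario(host string) (legitErr, forgedErr error) {
	caKey, serverKey := newKey(), newKey()
	caTpl := caTemplate("Example Root CA")
	ca, err := issue(caTpl, caTpl, &caKey.PublicKey, caKey)
	if err != nil {
		return err, err
	}
	serverCert, err := issue(serverTemplate(host), ca, &serverKey.PublicKey, caKey)
	if err != nil {
		return err, err
	}

	// The attacker can mint any key pair and any CA, even one with the same
	// name; what they cannot produce is a signature from the trusted CA's key.
	evilCAKey, evilKey := newKey(), newKey()
	evilTpl := caTemplate("Example Root CA")
	evilCA, err := issue(evilTpl, evilTpl, &evilCAKey.PublicKey, evilCAKey)
	if err != nil {
		return err, err
	}
	forgedCert, err := issue(serverTemplate(host), evilCA, &evilKey.PublicKey, evilCAKey)
	if err != nil {
		return err, err
	}

	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // the only root this client believes
	return verifyServerCert(serverCert, trusted, host), verifyServerCert(forgedCert, trusted, host)
}

func main() {
	legit, forged := scenario("example.com")
	fmt.Println("legitimate certificate:", legit)
	fmt.Println("forged certificate:", forged)
}
```

The forged certificate fails with an unknown-authority error even though its issuer name matches the trusted root: the client looks up the root by name, then checks the signature with the root's actual key, and that is the check the attacker cannot pass. The same machinery is why a self-issued OpenSSL certificate is only accepted by clients that have the self-made root installed.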

HTTPS protocol

I. The role of HTTPS

HTTP is plaintext, and plaintext transmission causes three problems:

It is easy to eavesdrop on, to tamper with, and to impersonate.

What HTTPS provides:

  • All data is transmitted encrypted, so a third party cannot eavesdrop
  • It has an integrity check, so any tampering in transit is detected by the receiver and the connection is aborted
  • The server (and optionally the client) presents a certificate, so its identity cannot be impersonated

It is implemented with the well-known SSL/TLS protocol, which sits between the application layer (HTTP) and the transport layer (TCP); in OSI terms it is usually placed at the session/presentation layers.

TCP only guarantees that data arrives complete and in order; it does nothing to stop that data from being read or modified on the way (its checksum catches accidental corruption, not deliberate changes).

II. SSL/TLS protocol

HTTPS applies the SSL/TLS protocol on top of HTTP to encrypt the packets, giving reasonable protection against eavesdropping and man-in-the-middle attackers.

SSL/TLS can also be added to other protocols

  • FTP ->FTPS
  • SMTP->SMTPS

TLS (Transport Layer Security)

  • Formerly SSL (Secure Sockets Layer); all SSL versions and TLS 1.0/1.1 are deprecated today, so in practice "SSL/TLS" means TLS 1.2 or 1.3

TLS/SSL addresses data confidentiality, data integrity and identity authentication

  • Confidentiality: a hybrid encryption system (asymmetric or Diffie-Hellman key establishment, then a symmetric cipher for the data)
  • Integrity: every record carries a MAC (HMAC) or uses an AEAD cipher such as AES-GCM, keyed from the session; the handshake itself is protected by digital signatures and by the hash of the transcript carried in the Finished messages
  • Authentication: the server's certificate, signed by a CA

The following takes TLS 1.2 as the example.

III. HTTPS communication process

Mainly divided into 3 major stages

  1. TCP 3-way handshake
  2. TLS connection (SSL connection)
  3. HTTP request and response


TLS 1.2 connection (ECDHE key exchange)

A TLS 1.2 handshake with ECDHE takes about 10 steps, the handshake messages of RFC 5246 from ClientHello through the two Finished messages.
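The original post illustrates these steps with images that are not reproduced here. As an added example (not code from the original post; it needs Go 1.20+ for crypto/ecdh), the program below walks through the TLS 1.2 ECDHE_ECDSA handshake inside one process, with the server's ECDSA key standing in for its certificate. It follows the message order of RFC 5246 (ClientHello, ServerHello, Certificate, ServerKeyExchange, ServerHelloDone, ClientKeyExchange, then ChangeCipherSpec and Finished in each direction), implements the TLS 1.2 PRF, and shows that an on-path attacker who swaps the server's ephemeral key is caught by the client's signature check. Simplifications that are this example's own: the transcript hash covers only the fields it exchanges (a real implementation hashes every handshake message byte for byte), and the record-layer keys that would be derived from the master secret with the "key expansion" label are not derived.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func concat(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// prf is the TLS 1.2 PRF of RFC 5246 section 5 with SHA-256:
// P_SHA256(secret, label || seed) truncated to n bytes, where
// A(0) = label || seed and A(i) = HMAC(secret, A(i-1)).
func prf(secret []byte, label string, seed []byte, n int) []byte {
	labelSeed := append([]byte(label), seed...)
	a, out := labelSeed, []byte{}
	for len(out) < n {
		m := hmac.New(sha256.New, secret)
		m.Write(a)
		a = m.Sum(nil)
		m = hmac.New(sha256.New, secret)
		m.Write(a)
		m.Write(labelSeed)
		out = append(out, m.Sum(nil)...) // HMAC(secret, A(i) || label || seed)
	}
	return out[:n]
}

func random32() []byte {
	b := make([]byte, 32)
	must(rand.Read(b))
	return b
}

// handshake runs both sides of the TLS 1.2 ECDHE_ECDSA flight. With tamper set,
// an on-path attacker replaces the ephemeral key in ServerKeyExchange. It
// reports whether the client's Finished message verifies on the server.
func handshake(tamper bool) (bool, error) {
	curve := ecdh.P256()

	// 1. ClientHello, 2. ServerHello: each side contributes a 32-byte random.
	clientRandom, serverRandom := random32(), random32()

	// 3. Certificate: the client obtains the server's signing public key.
	serverSignKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))

	// 4. ServerKeyExchange: an ephemeral ECDH public key, signed together with
	//    both randoms so it can be neither replaced nor replayed. 5. ServerHelloDone.
	serverEph := must(curve.GenerateKey(rand.Reader))
	params := serverEph.PublicKey().Bytes()
	toSign := sha256.Sum256(concat(clientRandom, serverRandom, params))
	sig := must(ecdsa.SignASN1(rand.Reader, serverSignKey, toSign[:]))
	if tamper {
		params = must(curve.GenerateKey(rand.Reader)).PublicKey().Bytes() // attacker's key
	}

	// The client verifies the signature before using the parameters.
	seen := sha256.Sum256(concat(clientRandom, serverRandom, params))
	if !ecdsa.VerifyASN1(&serverSignKey.PublicKey, seen[:], sig) {
		return false, errors.New("ServerKeyExchange signature invalid: handshake aborted")
	}

	// 6. ClientKeyExchange: the client's ephemeral public key. Each side now
	//    computes the same pre-master secret; the server's key never decrypts anything.
	clientEph := must(curve.GenerateKey(rand.Reader))
	clientPre := must(clientEph.ECDH(must(curve.NewPublicKey(params))))
	serverPre := must(serverEph.ECDH(clientEph.PublicKey()))

	seed := concat(clientRandom, serverRandom)
	clientMaster := prf(clientPre, "master secret", seed, 48)
	serverMaster := prf(serverPre, "master secret", seed, 48)

	// 7-8. client ChangeCipherSpec + Finished, 9-10. server ChangeCipherSpec + Finished:
	// verify_data = PRF(master_secret, label, Hash(handshake_messages))[:12]
	transcript := sha256.Sum256(concat(clientRandom, serverRandom, params, clientEph.PublicKey().Bytes()))
	clientFinished := prf(clientMaster, "client finished", transcript[:], 12)
	expected := prf(serverMaster, "client finished", transcript[:], 12)
	return hmac.Equal(clientFinished, expected), nil
}

func main() {
	fmt.Println(handshake(false)) // true <nil>
	fmt.Println(handshake(true))  // false ServerKeyExchange signature invalid: handshake aborted
}
```

The design point to take from it: the server's long-term key signs the ephemeral parameters but never touches the session secret, so a later compromise of that key does not reveal past sessions (forward secrecy), and the signature covering both randoms is what stops an attacker from substituting parameters or replaying an old ServerKeyExchange.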

copyright notice
author[Welcome Big Brother to Little Brother Blog],Please bring the original link to reprint, thank you.
https://en.qdmana.com/2022/266/202209230624510758.html
