CN2 GIA vps monthly package is 60% off, order 3 months + get 1 month free, 12 months + get 4 months free;
Contact Us Support
Shop
SG Cloud Server SG Dedicated Server US Cloud Server HK Cloud Server HK Dedicated Server
Cloud Server
SG Cloud Server HK Cloud Server US Cloud Server
Dedicated Servers
Anti-DDoS IP
Security
Cloud DNS Domain Name SSL Certificate
Data Centers
Singapore, SG (SIN) HK HGC HK Tsuen Wan Los Angeles, USA (LAX)
Company
About Us Contact Us Support AFF
EN
CN
Sign In
Support >
  About cybersecurity >
  HTTPS communication principle and detailed introduction
HTTPS communication principle and detailed introduction
Time : 2023-01-04 11:46:35
Edit : Jtti

HTTPS communication principle

 

Https is an Http channel based on security purposes, and its security foundation is guaranteed by the SSL layer. Originally developed by netscape, it mainly provides identity authentication and encrypted communication methods for both communication parties. It is now widely used in security-sensitive communications on the Internet.

 

We all know that HTTPS can encrypt information to prevent sensitive information from being obtained by third parties. Therefore, many services with high security levels such as banking websites or e-mails will use the HTTPS protocol.

 

Introduction to HTTPS

 

HTTPS actually consists of two parts: HTTP + SSL / TLS, that is, a module for processing encrypted information is added on top of HTTP. The information transmission of the server and the client will be encrypted by TLS, so the transmitted data is all encrypted data. Specifically, how to encrypt, decrypt, and verify, and see the figure below.

 

1. The client initiates an HTTPS request

 

There is nothing to say about this, that is, the user enters an https URL in the browser, and then connects to port 443 of the server.

 

2. Server configuration

 

A server using the HTTPS protocol must have a set of digital certificates, which can be made by oneself or applied to the organization. The difference is that the certificate issued by itself needs to be verified by the client before you can continue to visit, while the certificate applied by a trusted company will not pop up a prompt page (startssl is a good choice, with 1 year of free service). This set of certificates is actually a pair of public and private keys. If you don’t understand the public key and private key, you can imagine it as a key and a lock, but you are the only one in the world who has this key, you can give the lock to others, and others can use this lock to lock important things Lock it and send it to you, because only you have this key, so only you can see what is locked by this lock.

 

3. Transmission certificate

 

This certificate is actually a public key, but it contains a lot of information, such as the issuing authority of the certificate, expiration time, and so on.

 

4. The client parses the certificate

 

This part of the work is done by the client's TLS. First, it will verify whether the public key is valid, such as the issuing authority, expiration time, etc. If an exception is found, a warning box will pop up, indicating that there is a problem with the certificate. If there is no problem with the certificate, then a random value is generated. This random value is then encrypted with the certificate. As mentioned above, lock the random value with a lock, so that unless you have a key, you cannot see the locked content.

 

5. Send encrypted information

 

This part transmits the random value encrypted with the certificate. The purpose is to let the server get this random value. In the future, the communication between the client and the server can be encrypted and decrypted through this random value.

 

6. Service segment decryption information

 

After decrypting with the private key, the server obtains the random value (private key) sent by the client, and then encrypts the content symmetrically with this value. The so-called symmetric encryption is to mix the information and the private key together through a certain algorithm, so that unless the private key is known, the content cannot be obtained, and both the client and the server know the private key, so as long as the encryption algorithm is strong enough, The private key is complex enough, and the data is safe enough.

 

7. Transmission of encrypted information

 

This part of information is the information encrypted by the private key of the service segment, which can be restored on the client side

 

8. The client decrypts the information

 

The client uses the previously generated private key to decrypt the information sent by the service segment, and then obtains the decrypted content. Even if a third party monitors the data during the whole process, there is nothing they can do.

 

Thanks for reading, I hope it can help everyone, thank you for your support to this site!

Previous one:IIS7 Complete Raiders Failed Request Tracking Configuration Next one:What is an SSL certificate and what is it used for?

Relevant contents

What are the benefits of Web sites deploying SSL certificates Four types of SSL certificates are commonly installed Summary of solutions to common problems in the process of setting up a website in IIS6 3389 Tips for Using Remote Desktop Connection IIS7 Complete Raiders Failed Request Tracking Configuration What is an SSL certificate and what is it used for? What are the effective prevention methods for high-traffic network attacks What are the effective ways to maintain website security right now? What are the benefits of installing an SSL certificate on a website? Top 5 Common Reasons SSL Certificates Are Not Trusted
24/7/365 support.
We work when you work
Telegram
E-mail
Work Order
Support
Shop
SG Dedicated Server US Dedicated Server SG Cloud Server SG Anti-DDoS Server US SEO Server
Cloud Server
SG Cloud Server US Cloud Server HK Cloud Server
Dedicated Servers
CN2 Server SG Dedicated Server US Dedicated Server HK Dedicated Server SEO Server HK SEO Server US SEO Server
High Bandwidth Server HK High Bandwidth Server HK International High Bandwidth Server Anti-DDoS Server SG Anti-DDoS Server HK Anti-DDoS Server US Anti-DDoS Server
Security
Cloud DNS Domain Name SSL Certificate
Data Centers
Singapore, SG (SIN) Los Angeles, USA (LAX) HK HGC HK Tsuen Wan
About Jtti
About Us Support
©2024 jtti.cc. All Rights Reserved
sitemap Privacy
JTTI-Defl
JTTI-COCO
JTTI-Selina
JTTI-Ellis
JTTI-Eom
Title
Email Address
Type
Information
Code
Submit