Getting Start Knowing Https Part I

1 The protocol stack

2 SSL / TLS

2.1 Handshake Protocol

shakehands

2.1.1 Initial establishment

Step1. Client Hello

  1. Supported protocol versions, such as TLS version 1.0

  2. A client-generated random number, which is then used to generate a “session key”

  3. Support of encryption methods, such as RSA public key encryption

  4. Supported compression methods

Step2. Server Hello

  1. Confirm the version of the encrypted communication protocol used, such as TLS version 1.0. If the browser does not match the version supported by the server, the server closes the encrypted communication

  2. A server-generated random number, which is then used to generate the “session key”

  3. Confirm the encryption method used, such as RSA public key encryption

  4. Server certificate

Step3. Client Key Exchange

  1. A random number. The random number is encrypted with the server public key to prevent eavesdropping

  2. Code change notification that the subsequent information will be transmitted using both the agreed encryption method and the key

  3. The client handshake end notification indicates that the client’s handshake phase has ended. This item is also the hash value of all the content sent before, used for server validation

Step4. Server Finish

After receiving the PreMaster encrypted data from the client, the server uses the private key to decrypt the encrypted data and validate the data. The server generates Session Secret in the same way as the client. When everything is ready, It sends a ChangeCipherSpec to the client informing the client that it has switched to the negotiated cipher suite state and is ready to encrypt the data using the cipher suite and Session Secret.

2.1.2 Restore the connection

records

If the session is interrupted, and the next time the reconnection, as long as the client gives the number, and the server has this number of records, the two sides can re-use the existing “dialogue key” without having to re-establish trust and security channel .

2.2 Message recording protocol

Application layer data, after segmentation, compression (optional), encryption of the last packet, through TCP / IP to another segment, in another section of the reverse operation, access to clear text data

3.TLS security analysis

3.1 Man-in-the-middle attack

Proxy

3.2 strong crack

Using a key algorithm may not be secure

3.3 There are security issues in the implementation

4. Summary

HTTPS can be securely transmitted, but not with HTTPS can sit back and relax

ref

chinese blog

Jeff Moser, The First Few Milliseconds of an HTTPS Connection

Wikipedia, Transport Layer Security

StackExchange, How does SSL work?