HTTPS Explained
HTTPS = HTTP + SSL/TLS
HTTPS
[Image: https://raw.githubusercontent.com/Yukun4119/BlogImg/main/img/https.png]
(image source: https://www.youtube.com/watch?v=T4Df5_cojAs)
The process of HTTPS:
- Client sends a packet to Server (to request resources).
- Server shows its certificate to Client (the server has a public key and a private key; the certificate carries the public key), and Client gets the public key.
- Client generates a new secret key, encrypts it with the public key, and sends it to Server.
- Server decrypts the message with its private key to get the new secret key (asymmetric-key encryption).
- Since both Client and Server now have the new secret key, they can encrypt and decrypt the messages they exchange (symmetric-key encryption).
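The steps above, run end to end inside one process as an added example (not code from the original post). RSA-OAEP and AES-256-GCM are assumed as the concrete asymmetric and symmetric algorithms, since the post names none. The names `Exchange`, `gcm` and `must` are hypothetical, and certificate validation is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must keeps the demo short: a failure during setup stops the program.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// gcm builds the symmetric cipher used once both sides hold the secret key.
func gcm(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// Exchange runs the steps listed above inside one process. If tamper is true,
// one ciphertext byte is flipped in transit, so the server must reject it.
func Exchange(request []byte, tamper bool) ([]byte, error) {
	// Server: owns the key pair; only the public half is shown to the client.
	serverPriv := must(rsa.GenerateKey(rand.Reader, 2048))
	serverPub := &serverPriv.PublicKey
	// Client: new secret key (plus a nonce), encrypted with the public key.
	buf := make([]byte, 32+12)
	must(rand.Read(buf))
	secret, nonce := buf[:32], buf[32:]
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, secret, nil))
	// Server: the private key recovers the secret key (asymmetric-key step).
	recovered := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, nil))
	// Symmetric-key step: client encrypts with its key, server decrypts with its copy.
	ciphertext := gcm(secret).Seal(nil, nonce, request, nil)
	if tamper {
		ciphertext[0] ^= 0x01
	}
	return gcm(recovered).Open(nil, nonce, ciphertext, nil)
}

func main() {
	got, err := Exchange([]byte("GET /index.html"), false) // constructed sample request
	fmt.Printf("server read %q (err=%v)\n", got, err)
}
```

The server never sends its private key anywhere; anyone who records `wrapped` on the wire cannot recover the secret key without it.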
SSL vs TLS
TLS (Transport Layer Security) is the successor of SSL (Secure Sockets Layer).
Now TLS is used in most browsers.
Reference
How does HTTPS work? What’s a CA? What’s a self-signed Certificate?