what is HTTPS

HTTPS = HTTP + TSL




Hypertext Transfer Protocol Secure (HTTPS) is acommunications protocol forsecure
communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simplylayering theHypertext
Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to preventwiretapping
and man-in-the-middle attacks.

TLS (Transport Layer Security)

Transport Layer Security (TLS) and its predecessor,Secure Sockets Layer (SSL), arecryptographic
protocols designed to provide communication security over the Internet.[1] They useX.509
certificates and henceasymmetric cryptography toauthenticate
the counterparty with whom they are communicating, and to exchange asymmetric key. This session key is then used to encrypt
data flowing between the parties. This allows for data/message confidentiality, andmessage authentication codes for message
integrity and as a by-product, message authentication. 

TLS handshaking procedure

1. Client sends hello message to server
2. Server sends hello message and certificate (public key is in certificate) to client
3. Client authenticate server's certificate by checking if received certificate subject name actually matches the name of server being contacted, if the issuer of the certificate is a trustedcertificate
authority (e.g. VeriSign/Microsoft/etc. which are pre-installed in browser)
4. Using all data generated in the handshake thus far, client creates the shared session key and encrypts it with server's public key, and then sends the encrypted session key to server
5. The client sends a message to server informing it that future messages from client will be encrypted with the session key, it then sends a separate message (encrypted) indicating that the client portion of handshake is finished.
6. The server does the same to client

How can i trust you

CA - Certificate Authority


CA is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate and it is a
trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate.

CA Providers



Java HTTPS support

Use HttpsURLConnection



Use Apache AHC (Asynchronous Http Client)


参考:


版权声明:本文为博主原创文章,未经博主允许不得转载。

HTTPS (HTTP Secure)的更多相关文章

  1. 【转】SSL协议、SET协议、HTTPS简介

    一.SSL协议简介 SSL是Secure Socket Layer的缩写,中文名为安全套接层协议层.使用该协议后,您提交的所有数据会首先加密后,再提交到网易邮箱,从而可以有效防止黑客盗取您的用户名.密 ...

  2. GET和POST区别,http和https区别

    在开发中我们需要和后台进行数据的交互,但是咋样交互呢?通常我们是通过网络请求进行数据的交互,一般使用http/https/tcp/udp等进行数据的交互. http长连接和短连接 1. HTTP协议与 ...

  3. 问题:https与http有什么区别啊?

    HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议  它是一个安全通信通道,它基于HTTP开发,用于在客户计算机和服务器之间交换信息.它使用安全套接字 ...

  4. Oracle EM 的访问方式由HTTPS改为HTTP

    打开命令提示符,依次运行以下命令: set ORACLE_HOSTNAME=%COMPUTERNAME% set ORACLE_UNQNAME=orcl rem 指向 dbhome_1\oc4j\j2 ...

  5. HTTP协议与HTTPS协议区别

    HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议:   它是一个安全通信通道,它基于HTTP开发,用于在客户计算机和服务器之间交换信息,它使用安全套 ...

  6. https的了解

    经常用支付宝,看到了https就查了一下. HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议. 简单讲是HTTP的安全版.即HTTP下加入SSL层, ...

  7. php--http与https的区别

    在URL前加https://前缀表明是用SSL加密的.你的电脑与服务器之间收发的信息传输将更加安全. Web服务器启用SSL需要获得一个服务器证书并将该证书与要使用SSL的服务器绑定. http和ht ...

  8. HTTP 和 HTTPS 协议

    HTTP协议是什么? 简单来说,就是一个基于应用层的通信规范:双方要进行通信,大家都要遵守一个规范,这个规范就是HTTP协议. HTTP协议能做什么? 很多人首先一定会想到:浏览网页.没错,浏览网页是 ...

  9. 《Apache数据传输加密、证书的制作》——涉及HTTPS协议

    首先了解http和https: HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议. HTTPS和HTTP的区别: http是超文本传输协议,信息是明 ...

随机推荐

  1. mysql数据库的一些基本操作

    下面列出一些做项目时常用到的一些mysql操作. 1.对数据库的操作 查看所有的数据库:show databases; 新建一个数据库:create database database_name; 此 ...

  2. 数据结构与算法(1)支线任务3——Largest Rectangle in Histogram

    题目如下:(https://leetcode.com/problems/largest-rectangle-in-histogram/) Given n non-negative integers r ...

  3. 普通B/S架构模式同步请求与AJAX异步请求区别(个人理解)

    在上次面试的时候有被问到过AJAX同步与异步之间的概念问题,之前没有涉及到异步与同步的知识,所以特意脑补了一下,不是很全面... 同步请求流程:提交请求(POST/GET表单相似的提交操作)---服务 ...

  4. C#实现堆栈

    堆栈(Stack)是一种特殊的线性表,是一种操作只允许在尾端进行插入或删除等操作的线性表.表尾允许进行插入删除操作,称为栈顶(Top),另一端是固定的,称为栈底(Bottom).栈的操作使按照先进后出 ...

  5. JsonException: Max allowed object depth reached while trying to export from type System.Single

    在进行类转json字符串时,报错JsonException: Max allowed object depth reached while trying to export from type Sys ...

  6. web app开发之rem

    CSS3新增了一个相对单位rem,官方的解释为“font size of the root element”,相对于根元素(html)的font size. rem,em,px单位的区别: rem单位 ...

  7. hadoop 运维

    1:hdfs dfsadmin -report //查看集群运行状态

  8. Markdown写博客

    一级目录 我接下来是不是该写二级目录了 二级目录 如果我用桌面端的Markdown会不会好很多,这个我看不到效果 听说插入表格很麻烦? 列表是这样的? 我还看不出样子 *这个是什么样子啊 引用是这样用 ...

  9. 动态规划小结(dynamic programming)

    动态规划在很多情况下可以降低代码的空间时间复杂度. 判断一道问题能否应用动态规划,需要关注问题是否具有最优子结构,当前规模的问题的解在之前问题的解里面,还要注意的是要满足无后效性的原则.随后就是寻找递 ...

  10. 《循序渐进》之简单的DHCP实验

    目的:初学,配置简单的DHCP试验. 试验步骤: 1:拓扑图 2:配置: Router>en Router#config t Enter configuration commands, one ...