what is HTTPS

HTTPS = HTTP + TSL




Hypertext Transfer Protocol Secure (HTTPS) is acommunications protocol forsecure
communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simplylayering theHypertext
Transfer Protocol
(HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to preventwiretapping
and man-in-the-middle attacks.

TLS (Transport Layer Security)

Transport Layer Security (TLS) and its predecessor,Secure Sockets Layer (SSL), arecryptographic
protocols
designed to provide communication security over the Internet.[1] They useX.509
certificates and henceasymmetric cryptography toauthenticate
the counterparty
with whom they are communicating, and to exchange asymmetric key. This session key is then used to encrypt
data flowing between the parties. This allows for data/message confidentiality, andmessage authentication codes for message
integrity and as a by-product, message authentication. 

TLS handshaking procedure

1. Client sends hello message to server
2. Server sends hello message and certificate (public key is in certificate) to client
3. Client authenticate server's certificate by checking if received certificate subject name actually matches the name of server being contacted, if the issuer of the certificate is a trustedcertificate
authority
 (e.g. VeriSign/Microsoft/etc. which are pre-installed in browser)
4. Using all data generated in the handshake thus far, client creates the shared session key and encrypts it with server's public key, and then sends the encrypted session key to server
5. The client sends a message to server informing it that future messages from client will be encrypted with the session key, it then sends a separate message (encrypted) indicating that the client portion of handshake is finished.
6. The server does the same to client

How can i trust you

CA - Certificate Authority


CA is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate and it is a
trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate.

CA Providers



Java HTTPS support

Use HttpsURLConnection



Use Apache AHC (Asynchronous Http Client)


参考:


版权声明:本文为博主原创文章,未经博主允许不得转载。

HTTPS (HTTP Secure)的更多相关文章

  1. 【转】SSL协议、SET协议、HTTPS简介

    一.SSL协议简介 SSL是Secure Socket Layer的缩写,中文名为安全套接层协议层.使用该协议后,您提交的所有数据会首先加密后,再提交到网易邮箱,从而可以有效防止黑客盗取您的用户名.密 ...

  2. GET和POST区别,http和https区别

    在开发中我们需要和后台进行数据的交互,但是咋样交互呢?通常我们是通过网络请求进行数据的交互,一般使用http/https/tcp/udp等进行数据的交互. http长连接和短连接 1. HTTP协议与 ...

  3. 问题:https与http有什么区别啊?

    HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议  它是一个安全通信通道,它基于HTTP开发,用于在客户计算机和服务器之间交换信息.它使用安全套接字 ...

  4. Oracle EM 的访问方式由HTTPS改为HTTP

    打开命令提示符,依次运行以下命令: set ORACLE_HOSTNAME=%COMPUTERNAME% set ORACLE_UNQNAME=orcl rem 指向 dbhome_1\oc4j\j2 ...

  5. HTTP协议与HTTPS协议区别

    HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议:   它是一个安全通信通道,它基于HTTP开发,用于在客户计算机和服务器之间交换信息,它使用安全套 ...

  6. https的了解

    经常用支付宝,看到了https就查了一下. HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议. 简单讲是HTTP的安全版.即HTTP下加入SSL层, ...

  7. php--http与https的区别

    在URL前加https://前缀表明是用SSL加密的.你的电脑与服务器之间收发的信息传输将更加安全. Web服务器启用SSL需要获得一个服务器证书并将该证书与要使用SSL的服务器绑定. http和ht ...

  8. HTTP 和 HTTPS 协议

    HTTP协议是什么? 简单来说,就是一个基于应用层的通信规范:双方要进行通信,大家都要遵守一个规范,这个规范就是HTTP协议. HTTP协议能做什么? 很多人首先一定会想到:浏览网页.没错,浏览网页是 ...

  9. 《Apache数据传输加密、证书的制作》——涉及HTTPS协议

    首先了解http和https: HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议. HTTPS和HTTP的区别: http是超文本传输协议,信息是明 ...

随机推荐

  1. PHP常用库函数

    1.时间和日期 如何获取时间戳 time()--从1970年开始计算的毫秒数 echo time(); 日期 echo date('Y-m-d H:i:s'); 获取默认是时区 echo date_d ...

  2. 在线编辑器的使用总结(kindeditor , )

    1).kindedtor中让编辑框默认为“HTML代码/源代码”模式 [javascript] view plaincopyprint? <script> // 自定义插件 #1 Kind ...

  3. Socket网络编程-基础篇

    Socket网络编程 网络通讯三要素: IP地址[主机名] 网络中设备的标识 本地回环地址:127.0.0.1 主机名:localhost 端口号 用于标识进程的逻辑地址 有效端口:0~65535 其 ...

  4. LibreOffice 打开中文乱码

    From: http://hi.baidu.com/designhouse/item/746130c01f98a42dee4665de 1:文件->打开 2:文件类型:已编码文本

  5. wcf 推送 与 广播

    原文地址:http://blog.csdn.net/is_zhoufeng/article/details/7641234 ////wcf 接口   #region << 版 本 注 释 ...

  6. 【SSM 6】Spring+SpringMVC+Mybatis框架搭建步骤

    一.整体概览 首先看maven工程的创建 二.各层的文件配置 2.1,SSM父工程 <span style="font-family:KaiTi_GB2312;font-size:18 ...

  7. zookeeper 节点的移动与删除

    package com.zhengmo.test; import java.util.List; import org.apache.zookeeper.CreateMode; import org. ...

  8. 19.dnw打不开

    用dnw.exe烧写文件时,突然出现电脑死机,重启后,dnw就打不开了,dnw.ini的原因,该文件在c盘目录下,只需要删除它,就可以继续使用dnw了.

  9. 关于int类型的赋值语句正确的有

    A.char a=65;          对 B.int a=12.0; C.int a=12.0f; D.int a=(int)12.0     对

  10. 怎么在win7的64位旗舰版上配置coocs2d-x 3.2的android环境并且打包APK

    我这用的操作系统是64位win7旗舰版打包成功. 希望有急用的能看到这篇文章,毕竟大家都是从菜鸟到大神的. 也以此证明自己的成长历程. 需要的东西有: 1.JAVA-JDK 2.Python 2.7. ...