Internet communication security is based on the SSL/TLS protocol.

HTTP shortcomings

HTTP communication without SSL/TLS is unencrypted communication. With all information in plain text, there are three main risks.

(1) HTTP itself has no encryption function and its messages are sent in plain text, so it is impossible to determine whether a request or response has been eavesdropped on.

(2) Requests and responses may be intercepted or modified by attackers during transmission (this is called a man-in-the-middle attack), and it is impossible to determine whether a request or response has been tampered with.

(3) It cannot be determined whether the request was sent to a disguised web server, whether the response was returned to a disguised client, or whether the communicating party has access rights.

What is HTTPS

  • HTTP has no encryption, but it can be used in combination with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure HTTP communication over the line. HTTP used in combination with SSL is called HTTP Secure (HTTPS) or HTTP over SSL.

  • HTTPS communicates over HTTP, but uses SSL/TLS to encrypt packets. HTTPS was developed to provide identity authentication for web servers and to protect the privacy and integrity of exchanged data.

  • HTTPS is not a new protocol at the application layer; rather, the HTTP communication interface is replaced by SSL and TLS.

TLS and SSL functions

  • Encryption of communication

    SSL establishes a secure communication line.

  • Verify the identity of the other party

    SSL provides not only encryption but also a means, called a certificate, to determine that the communicating party is the target server.

  • Ensure data integrity

    The hash algorithm, also known as the digest algorithm, implements data integrity.

TLS and SSL implementations

The HTTPS protocol relies on TLS/SSL, and TLS/SSL relies on three basic kinds of algorithm: hash functions, symmetric encryption and asymmetric encryption. Asymmetric encryption is used for identity authentication and key negotiation, the symmetric encryption algorithm uses the negotiated key to encrypt data, and the hash function is used to verify the integrity of information.
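The split described above can be seen in a real TLS client configuration. The following is an added example, not part of the original article, using Python's standard `ssl` module; the function names `describe_suites` and `audit_context` are illustrative, and the suites listed depend on the local OpenSSL build.

```python
import ssl

def describe_suites(ctx):
    """Break each enabled cipher suite into the roles named in the text."""
    rows = []
    for c in ctx.get_ciphers():
        rows.append({
            "name": c["name"],
            "protocol": c["protocol"],
            "key_negotiation": c["kea"],    # asymmetric: agrees the session key
            "authentication": c["auth"],    # asymmetric: proves server identity
            "bulk_cipher": c["symmetric"],  # symmetric: encrypts the data
            # AEAD ciphers such as AES-GCM carry their own integrity tag,
            # so OpenSSL reports no separate digest for them.
            "integrity": "aead" if c["aead"] else c["digest"],
        })
    return rows

def audit_context(ctx):
    """List settings that leave the server's identity unchecked (risk 3)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings

def weakened_context():
    """A client context with verification switched off, for comparison."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # traffic is still encrypted, peer is unknown
    return ctx

if __name__ == "__main__":
    strict = ssl.create_default_context()
    for row in describe_suites(strict)[:5]:
        print(row)
    print("default :", audit_context(strict) or "no findings")
    print("weakened:", audit_context(weakened_context()))
```

A context that skips certificate verification still negotiates keys and encrypts, but it no longer establishes that the other end is the intended server.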
