Security Testing Concise Tutorial
Security Testing - HTTPS Protocol Basics
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer), or HTTP over SSL, is a web protocol developed by Netscape. It is not a protocol in its own right; it is simply the result of layering HTTP on top of SSL/TLS (Secure Socket Layer/Transport Layer Security).
In short, HTTPS = HTTP + SSL
When is HTTPS Required?
When we browse, we normally send and receive information using the HTTP protocol. This allows anyone to eavesdrop on the conversation between our computer and the web server. Many times we need to exchange sensitive information, which must be secured to prevent unauthorized access.
The HTTPS protocol is used in the following scenarios:
- Banking Websites
- Payment Gateway
- Shopping Websites
- All Login Pages
- Email Apps
Basic Working of HTTPS
- The server needs a public key and signed certificates to use the HTTPS protocol.
- The client requests the https:// page.
- When using an HTTPS connection, the server responds to the initial connection by offering a list of encryption methods the web server supports.
- In response, the client selects a connection method, and the client and server exchange certificates to authenticate their identities.
- After this is done, the web server and the client exchange the encrypted information after ensuring that both are using the same key, and the connection is closed.
- To host HTTPS connections, a server must have a public key certificate, which embeds key information with a verification of the key owner's identity.
- Almost all certificates are verified by a third party so that clients are assured that the key is always secure.