S-arige 2022-02-13 06:51:25

HTTPS interaction process:




 Problems HTTPS solves:

      1. The problem of trusting the host. A server that uses HTTPS must request a certificate from a CA that certifies the purpose of the server. The client trusts the host only when the certificate is used for the corresponding server. That is why all banking websites and other key applications use HTTPS today: by trusting the certificate, the client trusts the host. This is actually quite inefficient, but banks care more about security. This point means little for us: whether the certificate our server uses is issued by ourselves or by a public CA, the clients are all our own, so they will certainly trust that server.


      2. Data leakage and tampering during communication

      1) HTTPS in the general sense, where the server has a certificate.

      a) The main purpose is to guarantee that the server is the server it claims to be. This is the same as the first point.

      b) All communication between the server and the client is encrypted.

      i. Specifically, the client generates a symmetric key and exchanges it using the server's certificate; this is the handshake process in the general sense.

      ii. Because all the information is then encrypted, intercepting it is useless to a third party, who does not have the key, and so tampering with it is pointless as well.

      2) In a few cases that place requirements on the client, the client is also required to have a certificate.

      a) The client certificate here is similar to personal information: in addition to the user name / password, there is one more identity certified by a CA. Generally speaking, a personal certificate cannot be imitated by others, so all of this further confirms the user's identity.

      b) At present, the professional editions of a few personal banking services work this way; the certificate may be carried on a USB drive as the backup medium.


HTTPS exception handling:

1. Trust Anchor not found for Android SSL Connection

Solution:

Special emphasis!!!! Anyone releasing an app on Google Play: never use x509.

2. SSL and TLS support: (SSL 3 is not supported by some domestic CDNs, because it has certain security vulnerabilities)
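
The client-side settings behind points 1 and 2 and the SSL 3 note, shown with Python's standard `ssl` module as an added example that is not part of the original post. The function and parameter names and the TLS 1.2 floor are assumptions of this example; the second function is the weak configuration that the audit function is meant to flag.

```python
import ssl


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """TLS client context that authenticates the server before sending data.

    ca_file: PEM file of the CA that issued the server certificate. Pass it
             when the server uses a self-issued CA; None uses the system store.
    client_cert / client_key: optional client certificate for servers that
             also authenticate the client (point 2 above).
    """
    # create_default_context turns on CERT_REQUIRED and host name checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    # Assumption of this example: refuse SSL 3, TLS 1.0 and TLS 1.1.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def build_unverified_context():
    """The weak configuration: encrypts, but accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # server identity is never checked
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return the reasons a client context fails the guarantees above."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not matched against the certificate")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2,
                                   ssl.TLSVersion.TLSv1_3):
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("verified", build_client_context()),
                      ("unverified", build_unverified_context())):
        print(name, audit_context(ctx) or "ok")
```

With a self-issued server certificate, passing the issuing CA as `ca_file` keeps verification on while trusting only that CA.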

Copyright: author [S-arige]. Please include the original link when reprinting, thank you.