what is HTTPS

HTTPS = HTTP + TSL




Hypertext Transfer Protocol Secure (HTTPS) is acommunications protocol forsecure
communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simplylayering theHypertext
Transfer Protocol
(HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to preventwiretapping
and man-in-the-middle attacks.

TLS (Transport Layer Security)

Transport Layer Security (TLS) and its predecessor,Secure Sockets Layer (SSL), arecryptographic
protocols
designed to provide communication security over the Internet.[1] They useX.509
certificates and henceasymmetric cryptography toauthenticate
the counterparty
with whom they are communicating, and to exchange asymmetric key. This session key is then used to encrypt
data flowing between the parties. This allows for data/message confidentiality, andmessage authentication codes for message
integrity and as a by-product, message authentication. 

TLS handshaking procedure

1. Client sends hello message to server
2. Server sends hello message and certificate (public key is in certificate) to client
3. Client authenticate server's certificate by checking if received certificate subject name actually matches the name of server being contacted, if the issuer of the certificate is a trustedcertificate
authority
 (e.g. VeriSign/Microsoft/etc. which are pre-installed in browser)
4. Using all data generated in the handshake thus far, client creates the shared session key and encrypts it with server's public key, and then sends the encrypted session key to server
5. The client sends a message to server informing it that future messages from client will be encrypted with the session key, it then sends a separate message (encrypted) indicating that the client portion of handshake is finished.
6. The server does the same to client

How can i trust you

CA - Certificate Authority


CA is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate and it is a
trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate.

CA Providers



Java HTTPS support

Use HttpsURLConnection



Use Apache AHC (Asynchronous Http Client)


参考:


版权声明:本文为博主原创文章,未经博主允许不得转载。

HTTPS (HTTP Secure)的更多相关文章

  1. 【转】SSL协议、SET协议、HTTPS简介

    一.SSL协议简介 SSL是Secure Socket Layer的缩写,中文名为安全套接层协议层.使用该协议后,您提交的所有数据会首先加密后,再提交到网易邮箱,从而可以有效防止黑客盗取您的用户名.密 ...

  2. GET和POST区别,http和https区别

    在开发中我们需要和后台进行数据的交互,但是咋样交互呢?通常我们是通过网络请求进行数据的交互,一般使用http/https/tcp/udp等进行数据的交互. http长连接和短连接 1. HTTP协议与 ...

  3. 问题:https与http有什么区别啊?

    HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议  它是一个安全通信通道,它基于HTTP开发,用于在客户计算机和服务器之间交换信息.它使用安全套接字 ...

  4. Oracle EM 的访问方式由HTTPS改为HTTP

    打开命令提示符,依次运行以下命令: set ORACLE_HOSTNAME=%COMPUTERNAME% set ORACLE_UNQNAME=orcl rem 指向 dbhome_1\oc4j\j2 ...

  5. HTTP协议与HTTPS协议区别

    HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议:   它是一个安全通信通道,它基于HTTP开发,用于在客户计算机和服务器之间交换信息,它使用安全套 ...

  6. https的了解

    经常用支付宝,看到了https就查了一下. HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议. 简单讲是HTTP的安全版.即HTTP下加入SSL层, ...

  7. php--http与https的区别

    在URL前加https://前缀表明是用SSL加密的.你的电脑与服务器之间收发的信息传输将更加安全. Web服务器启用SSL需要获得一个服务器证书并将该证书与要使用SSL的服务器绑定. http和ht ...

  8. HTTP 和 HTTPS 协议

    HTTP协议是什么? 简单来说,就是一个基于应用层的通信规范:双方要进行通信,大家都要遵守一个规范,这个规范就是HTTP协议. HTTP协议能做什么? 很多人首先一定会想到:浏览网页.没错,浏览网页是 ...

  9. 《Apache数据传输加密、证书的制作》——涉及HTTPS协议

    首先了解http和https: HTTPS(Secure Hypertext Transfer Protocol)安全超文本传输协议. HTTPS和HTTP的区别: http是超文本传输协议,信息是明 ...

随机推荐

  1. 没想到cnblog也有月经贴,其实C#值不值钱不重要。

    呵呵,就不倚老卖老了,从basic走过来,一路经历vb,vf,delphi,C#,php,asp,html,js,css,太多太多的开发语言,包括面向对象编程思想,语义化页面结构等等,除了高级的编程技 ...

  2. mysql数据库字符集的设置

    my.ini文件中clinet和mysqld中的写法不一样,要注意  [client]   port=3306   default-character-set=utf8      [mysqld]   ...

  3. Android工作学习第5天之Activity的完全退出程序

    注:本文大部分为网上转载,本人只是根据工作的需要略做整合! android 完全退出应用程序 注意:1.单例模式的学习 2.Manifest.xml,注意项目清单文件中要加上 android退出应用程 ...

  4. JAVA 判断Socket 远程端是否断开连接

    最近在做项目的时候,遇到这样一个问题,如何判断 Socket 远程端连接是否关闭,如果关闭的话,就要重建连接Socket的类提供了一些已经封装好的方法, 如  isClosed().isConnect ...

  5. 洛谷P1371 NOI元丹

    P1371 NOI元丹 71通过 394提交 题目提供者洛谷OnlineJudge 标签云端评测 难度普及/提高- 提交  讨论  题解 最新讨论 我觉得不需要讨论O long long 不够 没有取 ...

  6. 剑指offer-二叉树的深度

    题目: 输入一棵二叉树,求该树的深度.从根结点到叶结点依次经过的结点(含根.叶结点)形成树的一条路径,最长路径的长度为树的深度. 链接: http://www.nowcoder.com/practic ...

  7. spring-security4.1.2的学习

    spring security教程 spring security是什么? Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架.它提供了 ...

  8. 关键字sizeof---常年被人误认为函数

    sizeof 是关键字不是函数, sample: int  i=0; A)  sizeof(int);  B) sizeof(i);  C)sizeof  int;   D)sizeof  i; C) ...

  9. Sla子分类账表结构

    --基础事件关系图Select * From xla_entity_types_vl; --事件实体Select * From xla_entity_id_mappings;--实体ID对应表Sele ...

  10. 第三次作业:caculator

    第三次作业 作业链接 ********* 遇到的问题: Scan类: 队列的使用方法不了解,上网查询并自己练习了一下才初步了解,才运用到作业 . 判断数字用的 if (input[i] >= ' ...