2. HTTPS: SSL/TLS

BRYNN

What is HTTPS?

HTTPS is HTTP carried over SSL/TLS, a protocol layer that encrypts the data in transit to enhance security.

  • It ensures secure data transmission between the client and the server.

  • In plain HTTP, a third party can intercept the data exchanged between the client and server because it is transmitted in plaintext.

  • However, HTTPS encrypts the data between the client and server, preventing unauthorized parties from viewing it.

Encryption Methods:

Asymmetric Key Encryption:

  • The server and client use different keys for encryption.

  • The server has a private key, and the client receives the server’s public key.

  • When data is transmitted, it is encrypted using these keys. Data encrypted with the public key can only be decrypted by the private key, and vice versa.

  • This ensures that a third party cannot see the data sent by the client.

  • Issue: A third party might still see the data sent by the server, because anything encrypted with the server's private key can be decrypted by anyone holding the public key, and the public key is not secret.

Symmetric Key Encryption:

  • In this method, both the server and client use the same key to encrypt and decrypt data.

  • However, anyone with the key can view the data, so the key must be shared securely.

  • Solution: Use asymmetric key encryption to securely share the key, after which symmetric encryption is used for the actual data exchange.
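The hybrid scheme just described, as an added example (it is not code from the original post): the client picks a fresh symmetric session key, wraps it with the server's RSA public key so that only the private key holder can unwrap it, and both sides then protect the actual data with AES-256-GCM under that key. The RSA-OAEP wrapping and the AES-GCM construction are assumptions made for this illustration; Go's standard library provides both, and the message text is constructed sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Label bound to the key wrap; both sides must use the same value.
var wrapLabel = []byte("pre-master-key")

// Server side: long-term RSA key pair. Only the public half goes to clients.
func newServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Client side: pick a fresh 256-bit symmetric key and wrap it with the server's
// public key (RSA-OAEP). Only the holder of the matching private key can unwrap it.
func wrapSessionKey(serverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, wrapLabel)
	if err != nil {
		return nil, nil, err
	}
	return sessionKey, wrapped, nil
}

// Server side: recover the session key with the private key.
func unwrapSessionKey(serverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, wrapLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Both sides: bulk data goes through AES-256-GCM under the shared key. The
// random nonce is prefixed to the ciphertext so the receiver can find it.
func sealMessage(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openMessage fails with an authentication error if the ciphertext was modified.
func openMessage(key, ciphertext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, body := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// roundTrip runs the whole exchange: asymmetric wrap of the session key, then
// symmetric encryption of msg from client to server. It returns what the server reads.
func roundTrip(msg string) (string, error) {
	serverKey, err := newServerKey()
	if err != nil {
		return "", err
	}
	// Client: wrap a fresh key using the server's public key, then encrypt the data.
	clientKey, wrapped, err := wrapSessionKey(&serverKey.PublicKey)
	if err != nil {
		return "", err
	}
	ciphertext, err := sealMessage(clientKey, []byte(msg))
	if err != nil {
		return "", err
	}
	// Server: unwrap the key with its private key, then decrypt the data.
	serverSessionKey, err := unwrapSessionKey(serverKey, wrapped)
	if err != nil {
		return "", err
	}
	plaintext, err := openMessage(serverSessionKey, ciphertext)
	if err != nil {
		return "", err
	}
	return string(plaintext), nil
}

func main() {
	out, err := roundTrip("GET /account HTTP/1.1") // constructed sample request line
	fmt.Println(out, err)
}
```

Note that the key travels only from client to server, wrapped under the server's public key; nothing is ever encrypted with the private key, which is why the "Issue" above does not apply to this direction. A modified ciphertext fails to open because GCM authenticates as well as encrypts.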


HTTPS Communication Process:

  1. Client Hello:

    • The client sends a Client Hello message, which includes random data, to the server.

  2. Server Hello:

    • The server responds with a Server Hello, including its public key certificate.

    • The server's certificate was issued and signed by a Certificate Authority (CA), which verified the server's identity before signing it.

  3. Certificate Verification:

    • The client verifies the server’s certificate using the CA’s public key embedded in the browser.

    • If the certificate's signature cannot be verified with the CA's public key, the client considers the server untrustworthy, and the HTTPS connection fails.

    • If the verification succeeds, the client takes the server's public key from the certificate.

  4. Pre-Master Key Exchange:

    • The client generates a Pre-Master Key using the random data and encrypts it with the server’s public key, sending it to the server.

    • The server decrypts the Pre-Master Key using its private key.

  5. Session Key:

    • Both the server and client now hold the same Pre-Master Key and derive the symmetric session key from it, which is used for fast, secure data transmission.

    • From this point onward, the data is encrypted and decrypted using symmetric key encryption, which is faster than asymmetric encryption.
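The five steps above run end to end in this added example (not code from the original post) using Go's standard crypto/tls and crypto/x509 packages. It plays the CA itself: it creates a constructed root certificate, signs a server certificate for "localhost" with the CA's private key, shows the client-side certificate check (step 3) succeeding against that root and failing with an unknown-authority error when the client trusts no CAs, and then runs the real handshake over an in-memory pipe. The CA name, the "localhost" server name and the validity window are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

type pki struct {
	caCert     *x509.Certificate // the root a browser would ship as trusted
	serverCert tls.Certificate   // server certificate plus its private key
}

// signCert issues a certificate from template, signed with signerKey. A nil
// parent means self-signed, which is how the CA root itself is created.
func signCert(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = template
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildPKI plays the Certificate Authority: it creates a root and signs a
// certificate for the server name "localhost" with the CA's private key.
func buildPKI() (*pki, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caCert, err := signCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	srvKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	srvCert, err := signCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames:  []string{"localhost"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, caCert, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &pki{caCert: caCert, serverCert: tls.Certificate{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}}, nil
}

// verifyServerCert is the client's step 3: the certificate's signature must
// check out under a CA public key in roots, and the name must match the host.
func verifyServerCert(p *pki, roots *x509.CertPool) error {
	leaf, err := x509.ParseCertificate(p.serverCert.Certificate[0])
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "localhost"})
	return err
}

// handshake runs the full exchange (hellos, certificate, key exchange, session
// keys) over an in-memory pipe and returns the negotiated TLS version.
func handshake(p *pki, roots *x509.CertPool) (uint16, error) {
	clientConn, serverConn := net.Pipe()
	defer clientConn.Close()
	defer serverConn.Close()
	deadline := time.Now().Add(5 * time.Second) // turn any stall into an error
	clientConn.SetDeadline(deadline)
	serverConn.SetDeadline(deadline)
	// Tickets are disabled so the server's flight ends at Finished; the
	// synchronous pipe cannot deliver a trailing ticket while the client writes.
	srv := tls.Server(serverConn, &tls.Config{Certificates: []tls.Certificate{p.serverCert}, SessionTicketsDisabled: true})
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cli := tls.Client(clientConn, &tls.Config{ServerName: "localhost", RootCAs: roots})
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	if err := <-srvErr; err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	p, err := buildPKI()
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(p.caCert)
	fmt.Println("no trusted roots:", verifyServerCert(p, x509.NewCertPool()))
	v, err := handshake(p, trusted)
	fmt.Printf("trusted root: TLS version %#x, err=%v\n", v, err)
}
```

The client never sees the CA's private key: it checks the certificate's signature with the CA's public key from its root pool, and an empty pool reproduces the failure in step 3 (Go reports it as x509.UnknownAuthorityError). The pre-master secret exchange and session key derivation in steps 4 and 5 happen inside Handshake; ConnectionState exposes what was negotiated.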
