https://tiptopsecurity.com/how-does-https-work-ssl-tls-explained/
https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/
https://www.hi-linux.com/posts/21572.html
https://zhuanlan.zhihu.com/p/25587986
https://www.jianshu.com/p/51cc23843756
https://github.com/youngwind/blog/issues/108
https://www.jianshu.com/p/81ed6c02012a
Here’s how it works in more detail:
- Your browser reaches out to the website server and requests a connection.
- The server sends you its public key. It keeps its private key a secret.
- Your browser generates a third key called a session key.
- The session key is encrypted by your computer using the public key you got from the server
- The encrypted session key is then shared with the server.
- The server decrypts the session key that it received from you using the secret private key. Now both ends have the session key that your computer generated.
- The public key encryption is terminated and replaced with symmetric encryption.
- Now you are in a session with the server using only symmetric encryption, and that’s how it remains until you leave the website.
At the end both client and server share the symmetric key.
No comments:
Post a Comment