What happens when we use "HTTPS" in URL
HTTPS Stands for HyperText Transfer Protocol which uses SSL/TLS as a result of which the data exchange between your browser (client) and Server( for example facebook.com) is encrypted and secure.
Before exchanging any data between client and server, trust is established between both and then the data is exchanged securely using encryption.
Before the HTTPS or SSL connections is established, TCP connection is created between the client and server. Here is how a TCP connection is created:
TCP Three Way Handshake Explained | How A TCP Connection Is Made | Computer Networks
Why HTTPS/SSL?
1. Privacy - To ensure nobody else on the network reads your message.
2. Integrity - To make sure the message isn’t manipulated while its on the way to reach receiver.
3. Identification - To make sure, you are connecting to right server (For example, nobody else is trying to be facebook.com)
To achieve above, encryption is needed.
Encryption can be done in two ways:
1. Symmetric - One (Same) key is used by both server and client to encrypt/decrypt the data.
2. Asymmetric - Public and Private (two) keys are used. Only public key is shared with the client and the client uses public key to encrypt the data and the server uses its private key to decrypt the data.
SSL/HTTPS handshake uses both type of encryption i.e. Symmetric and Asymmetric.
Steps in SSL Handshake:
- Client sends a "client hello" message along with the TLS version, cipher suit available and a Client Random Secret (CRS).
- Server receives the message and chooses a best TLS version and cipher suit available and sends back this info to client along with the public key, SSL certificate and a Server Random Secret (SRS).
- Client, on receiving these information verify the certificates whether it is valid and issued by a valid CA(Certificate Authority). After verifying It generates a Pre-Master-Key (PMK) and sends it to server by encrypting it using public key.
- Now client and server both have PMK, CRS and SRS. Using these three, both generates a Session Key(SK) which will be used by both to encrypt and decrypt the data in further communication.
- Both sends a ready message to each other encryption the message with SK.
- Now both are ready to exchange the data using SK.
Video Tutorial In Hindi on “HTTPS काम कैसे करता है”
TLS Handshake In Hindi | HTTPS कैसे काम करता है | RSA Key Exchange Algorithm | How HTTPS Works
Video Tutorial In Hindi on “How HTTPS Works”
How HTTPS Works | TLS/SSL Handshake Explained | SSL Encryption - Symmetric + Asymmetric
0 comments:
Post a Comment