How HTTPS Protocol Works
HTTP is the protocol for message exchange between server and client. Usually,
the HTTP server "listens" on port number 80. For testing and local/internal
use, the port can be changed to meet our customer needs. HTTP is an
application protocol that uses TCP (Transmission Control Protocol) to
establish and maintain the connection between server and client.
Every single piece of data sent or received via HTTP is in plain text, so it
can be read without much effort. Using HTTP for authentication is bad practice
because all sensitive data can be seen easily. Given that HTTP can be used to
control sessions, caching, authentication, etc., this shows how much can leak
without proper security applied.
HTTPS Protocol
Server Hello
An indication that the client needs to talk to the server via TLS
Sending supported TLS protocol (version) and cipher settings
Server’s public key (known as a certificate)
server_random value generated
Auth
The client checks the server’s certificate for Common Name, Issuer and Date
The client generates a pre-master key for encryption of the communication
The client encrypts the pre-master key with the public key from the server’s
certificate and sends the encrypted data to the server
HTTPS Handshake
Master key
The server decrypts the pre-master key with its private key
The client generates the master key using the previously agreed cipher
The server generates the master key using the previously agreed cipher
Session keys
The client generates a session key for communication encryption
The server generates a session key for communication encryption
Encryption
The client informs the server that future communication will be encrypted
The server informs the client that future communication will be encrypted
In a diagram, it looks something like this: