# HTTPS

## 1. HTTPS in brief

- A derivative of HTTP: HTTP over TLS / HTTP over SSL
- It uses encrypted, secure communication. A network always carries the risk of being eavesdropped; the purpose of HTTPS is that even if your data is intercepted, nobody else can make sense of it
- HTTPS authentication comes in two forms: one-way authentication (only the client checks the server's certificate) and two-way authentication (client and server each check the other's certificate)
- ![](https://hackmd.io/_uploads/H1WoFWjB2.png)
- ![](https://hackmd.io/_uploads/r1osYbiH3.png)

### HTTPS vs HTTP

- HTTPS works at the transport layer (the TLS layer), while HTTP is an application-layer protocol
- HTTPS is simply the secure version of the HTTP protocol

## 2. The full flow in detail

### 1. Hello

- During the initial handshake between client and server, the main goal is to let the client verify the server's identity and set up an encrypted channel (the SSL/TLS tunnel)
- As part of the handshake, the server sends its digital certificate to the client; the certificate contains the server's public key and other information

#### 1.1. The client sends a request

- The client sends a request (ClientHello) to the server, containing the client's
  - supported TLS versions
  - encryption algorithms (cipher suites)
  - compression algorithms
- All of the above is sent **unencrypted**

#### 1.2. The server replies

- After receiving the client's request, the server returns a ServerHello, containing
  - the chosen TLS version
  - encryption algorithm (cipher suite)
  - compression algorithm
  - the digital certificate (a common certificate standard is [X.509](https://en.wikipedia.org/wiki/X.509#Structure_of_a_certificate))

### 2. Certificate Exchange

#### 2.1. The client verifies the certificate

- The client checks the digital certificate's validity period, legitimacy, issuing authority and other details to decide whether the certificate can be trusted
- It uses the `Signature` inside the `Digital Certificate` to confirm that the `Digital Certificate` has not been tampered with

### 3. Key Exchange

#### 3.1. Establishing the secure connection

- Once the digital certificate passes verification,
- the client (e.g. the browser) and the server use the chosen
  - `TLS version` (e.g. TLS 1.3)
  - `public-key cryptography` (e.g. `RSA/DHE`)

  to exchange a key (the `session key`)
- This process ensures the key is delivered securely, so that only the client and the server learn the value of the `session key`
- At this point client and server have successfully established a secure connection
- That connection is an encrypted channel (encrypted with the `session key`) used to protect the confidentiality and integrity of the data

#### 3.2. Encrypted communication

- Once the secure connection is up, all data transferred between client and server is encrypted
- This includes data entered by the user, the server's responses and any other transfer

#### 3.3. Completing requests and responses

- The client sends requests to the server describing the concrete operation (a page request, an API request, etc.)
- The server receives the request, processes it and produces a response; the response is also transmitted to the client in encrypted form

### 4. Exit

#### 4.1. Closing the connection

- When communication is complete, client and server can choose to close the connection
- The connection between client and server is torn down, ending the HTTPS session

## 3. What is a Digital Certificate

- Also commonly called a public key certificate or identity certificate
- Its trustworthiness comes from the fact that the certificate is vouched for by another trusted party (the issuer), which signs it with its own private key

![](https://hackmd.io/_uploads/ByLvYlsB3.png)

### A flow for verifying a Digital Certificate

- Use the `intermediate CA`'s public key to verify that the current `end-entity certificate` has not been tampered with (the "verify signature" step in the figure above)
- ![](https://hackmd.io/_uploads/B1WsUJqB3.png)
- Use the `root CA`'s public key to verify that the current `intermediate certificate` has not been tampered with
- Use your own list of trusted root certification authorities (this list usually ships with the OS or is provided by the browser) to confirm that the current `root CA` is trusted
- ![](https://hackmd.io/_uploads/BJLlAgirh.png)

### Common fields of a digital certificate

- Serial Number: a running number (I would consider it each certificate's unique id)
- Subject: which entity this certificate belongs to
- Issuer: who is responsible for vouching that this certificate is trustworthy (e.g. an intermediate CA vouches for an end-entity certificate)
- Not Before: the certificate is not trusted before this date
- Not After: the certificate is not trusted after this date
- Key Usage: specifies what this certificate's public key may be used for
  - Common values include digital signature validation, key encipherment, and certificate signing (a capability only intermediate or higher-level certificates have)
- Extended Key Usage: the applications in which the certificate may be used
  - Common values include TLS server authentication, email protection, and code signing
- Public Key: a public key belonging to the certificate subject
- Signature Algorithm: contains a hashing algorithm and a digital signature algorithm, for example "sha256RSA", where sha256 is the hashing algorithm and RSA is the signature algorithm
- Signature: the body of the certificate is hashed (with the hashing algorithm from the "Signature Algorithm" field) and the hash is then signed (with the signature algorithm from the same field) using the issuer's private key
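The verification flow above, as an added example that is not part of the original notes: a throwaway root CA, intermediate CA and end-entity certificate are generated with the `openssl` CLI (assumed installed), and `openssl verify` then performs the client's check, with the root as trust anchor, the intermediate as untrusted input, and the hostname matched against the SAN. All names (`Example Root CA`, `www.example.test`) are made up.

```sh
#!/bin/sh
# Added example (not from the original notes): build a throwaway
# root CA -> intermediate CA -> end-entity chain and verify it the way an
# HTTPS client verifies a server certificate. All names are made up.
set -e
WORK=$(mktemp -d)

# Minimal req config so this does not depend on the system openssl.cnf.
printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' 'x509_extensions = ca' \
  '[dn]' 'CN = Example Root CA' \
  '[ca]' 'basicConstraints = critical,CA:TRUE' \
  'keyUsage = critical,keyCertSign,cRLSign' > "$WORK/req.cnf"

# Root CA: self-signed; CA:TRUE and keyCertSign are the Key Usage a CA needs.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
  -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null

# Intermediate CA: a CSR signed by the root; its extensions come from int.ext.
printf '%s\n' 'basicConstraints = critical,CA:TRUE,pathlen:0' \
  'keyUsage = critical,keyCertSign,cRLSign' > "$WORK/int.ext"
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
  -subj '/CN=Example Intermediate CA' -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null
openssl x509 -req -days 30 -in "$WORK/int.csr" -CA "$WORK/root.pem" \
  -CAkey "$WORK/root.key" -CAcreateserial -extfile "$WORK/int.ext" \
  -out "$WORK/int.pem" 2>/dev/null

# End-entity (server) certificate: CA:FALSE, serverAuth, hostname in the SAN.
printf '%s\n' 'basicConstraints = CA:FALSE' \
  'keyUsage = critical,digitalSignature,keyEncipherment' \
  'extendedKeyUsage = serverAuth' 'subjectAltName = DNS:www.example.test' > "$WORK/leaf.ext"
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
  -subj '/CN=www.example.test' -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
openssl x509 -req -days 30 -in "$WORK/leaf.csr" -CA "$WORK/int.pem" \
  -CAkey "$WORK/int.key" -CAcreateserial -extfile "$WORK/leaf.ext" \
  -out "$WORK/leaf.pem" 2>/dev/null

# What a client does: the root is the trust anchor (the OS/browser root store),
# the intermediate is untrusted input that must chain up to it, and the name
# the client connected to must match the SAN. Exit status 0 = trusted.
verify_chain() {   # $1 = hostname the client is connecting to
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/int.pem" \
    -verify_hostname "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}
# Same check without the intermediate: the leaf cannot be linked to the root.
verify_leaf_alone() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" >/dev/null 2>&1
}

verify_chain www.example.test && echo "chain OK for www.example.test"
```

Run `openssl x509 -in "$WORK/leaf.pem" -noout -text` afterwards to see the same fields listed above (Issuer, Validity, Key Usage, Subject Alternative Name) on the generated certificate.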
#### Example

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:14:11:d3:d7:e0:fd:02:aa:b0:4e:90:09:d4:db:31
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Texas, L=Houston, O=SSL Corp, CN=SSL.com EV SSL Intermediate CA RSA R3
        Validity
            Not Before: Apr 18 22:15:06 2019 GMT
            Not After : Apr 17 22:15:06 2021 GMT
        Subject: C=US, ST=Texas, L=Houston, O=SSL Corp/serialNumber=NV20081614243, CN=www.ssl.com/postalCode=77098/businessCategory=Private Organization/street=3100 Richmond Ave/jurisdictionST=Nevada/jurisdictionC=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0f:ef:c1:97:5a:9b:d8:1e ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:BF:C1:5A:87:FF:28:FA:41:3D:FD:B7:4F:E4:1D:AF:A0:61:58:29:BD
            Authority Information Access:
                CA Issuers - URI:http://www.ssl.com/repository/SSLcom-SubCA-EV-SSL-RSA-4096-R3.crt
                OCSP - URI:http://ocsps.ssl.com
            X509v3 Subject Alternative Name:
                DNS:www.ssl.com, DNS:answers.ssl.com, DNS:faq.ssl.com, DNS:info.ssl.com, DNS:links.ssl.com, DNS:reseller.ssl.com, DNS:secure.ssl.com, DNS:ssl.com, DNS:support.ssl.com, DNS:sws.ssl.com, DNS:tools.ssl.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.1
                Policy: 1.2.616.1.113527.2.5.1.1
                Policy: 1.3.6.1.4.1.38064.1.1.1.5
                  CPS: https://www.ssl.com/repository
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crls.ssl.com/SSLcom-SubCA-EV-SSL-RSA-4096-R3.crl
            X509v3 Subject Key Identifier:
                E7:37:48:DE:7D:C2:E1:9D:D0:11:25:21:B8:00:33:63:06:27:C1:5B
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99 ...
                    Timestamp : Apr 18 22:25:08.574 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:40:51:53:90:C6:A2 ...
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB ...
                    Timestamp : Apr 18 22:25:08.461 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:43:80:9E:19:90:FD ...
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 55:81:D4:C2:16:90:36:01:4A:EA ...
                    Timestamp : Apr 18 22:25:08.769 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C1:3E:9F:F0:40 ...
    Signature Algorithm: sha256WithRSAEncryption
         36:07:e7:3b:b7:45:97:ca:4d:6c ...
```

## 4. Properties of the algorithms

- Everything described above works thanks to `asymmetric encryption algorithms`
- Thus the keys may be swapped without loss of generality, that is, a private key of a key pair may be used either to:
  - Decrypt a message only intended for the recipient, which may be encrypted by anyone having the public key (asymmetric encrypted transport)
    - Data the client encrypts with the public key can be decrypted by the server with its private key (used when the client hands the server the session key to be used)
  - Encrypt a message which may be decrypted by anyone, but which can only be encrypted by one person; this provides a digital signature
    - Data the server encrypts with its private key can be decrypted by the client with the public key (used when verifying the signature on a digital certificate)
- Common algorithms include `DHE, RSA, ECC (Elliptic Curve Cryptography)`

## 5. Some handy tools

### 1. If I want to know which SSL/TLS version the server I am currently connected to is using

- Browser > DevTools > Security > Connection

![](https://hackmd.io/_uploads/r1IrDgjB2.png)

### 2. If I want to check which protocols a given server supports

- https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=2607%3af8b0%3a4007%3a815%3a0%3a0%3a0%3a2004&hideResults=on&ignoreMismatch=on
- Taking `www.google.com` as an example
- ![](https://hackmd.io/_uploads/S1J3DloSh.png)

### 3. If I want to know which SSL/TLS versions a browser (which is usually the client) supports

- https://en.wikipedia.org/wiki/Version_history_for_TLS/SSL_support_in_web_browsers
- e.g. you can see that Chrome dropped SSL support as early as 2015
- ![](https://hackmd.io/_uploads/HJ5rOxoSn.png)

### 4. If I want to see what the digital certificate of the server I am connected to looks like

- ![](https://hackmd.io/_uploads/Byggd-oBh.png)
- ![](https://hackmd.io/_uploads/S1Rl_Zorh.png)
- ![](https://hackmd.io/_uploads/BkaRvZjr3.png)
- ![](https://hackmd.io/_uploads/Sy_MdZiS2.png)

## 6. References

- https://en.wikipedia.org/wiki/HTTPS
- https://en.wikipedia.org/wiki/Public_key_certificate
- https://en.wikipedia.org/wiki/Digital_signature
- https://en.wikipedia.org/wiki/Certificate_authority
- https://robertheaton.com/2014/03/27/how-does-https-actually-work/
- https://en.wikipedia.org/wiki/Version_history_for_TLS/SSL_support_in_web_browsers
- https://en.wikipedia.org/wiki/RSA_(cryptosystem)
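The two uses of a key pair listed in section 4, as an added example that is not part of the original notes: a throwaway RSA key is generated with the `openssl` CLI (assumed installed), the public key encrypts a constructed sample "session key" that only the private key can recover, and the private key signs a SHA-256 hash that the public key verifies, which is the "sha256RSA" Signature field of a certificate in miniature.

```sh
#!/bin/sh
# Added example (not from the original notes): the two uses of one RSA key pair
# that section 4 lists, run with openssl on a throwaway key. Nothing here is a
# real key, and the "session key" below is just constructed sample text.
set -e
WORK=$(mktemp -d)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$WORK/server.key" 2>/dev/null
openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub" 2>/dev/null

# Use 1 (confidentiality): anyone holding the public key can encrypt, only the
# private-key holder can decrypt. This is how a client could hand the server a
# secret that only the server can read. Prints what the server recovers.
encrypt_for_server() {   # $1 = secret the client wants to send
  printf '%s' "$1" | openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" \
    -out "$WORK/secret.enc"
  openssl pkeyutl -decrypt -inkey "$WORK/server.key" -in "$WORK/secret.enc"
}

# Use 2 (authenticity): the private key signs a SHA-256 hash of the data, and
# anyone with the public key can check it. This is what the "sha256RSA"
# Signature field of a certificate is: hash the body, sign the hash.
# Exit status 0 = the data presented for checking is what was signed.
sign_and_verify() {   # $1 = data that was signed, $2 = data presented later
  printf '%s' "$1" > "$WORK/body"
  printf '%s' "$2" > "$WORK/presented"
  openssl dgst -sha256 -sign "$WORK/server.key" -out "$WORK/body.sig" "$WORK/body"
  openssl dgst -sha256 -verify "$WORK/server.pub" -signature "$WORK/body.sig" \
    "$WORK/presented" >/dev/null 2>&1
}

encrypt_for_server 'constructed-session-key-0123'; echo
sign_and_verify 'certificate body' 'certificate body' && echo "signature OK"
```

The first use is the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 removed it and always derives the session key with (EC)DHE, relying on the certificate's key only for the signature use.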