ssl

What is a TLS handshake?

面试官求你了，别再问我HTTPS

1. what is https

https is a extension of http, and a secure http.

2. certificatin

1. contents:
   1. The domain name that the certificate was issued for
   2. Which person, organization, or device it was issued to
   3. Which certificate authority issued it
   4. The certificate authority’s digital signature
   5. Associated subdomains
   6. Issue date of the certificate
   7. Expiration date of the certificate
   8. The public key (the private key is kept secret)

2. tls handshake

1. send a random string, tls version, cipher suites supported,etc;
2. send chosen chiper suite , certificate
3. verify the certificate; send a pre-master key
4. decrypt the per-master key

after above; both client and server generate symmetrical secrect from random key and pre-mater key

use (public key)asymmetric encryption to generate pre-master key

2. SSL/TLS

1. SSL vs TLS？

2. what is SSL certification

used to provide the public key;

the client must verify the certification before using it;

3. types of SSL certification

1. DV: domain validated: only validate you own the URL
2. OV: organization validated: validate you own the url while you own the orgation
3. EV: Extended validation: provide more information

4. how does the brower verify the cerfification

the superior use the public key to validate the signature which generated by private key;(证书里声明的哈希算法对明文部分进行哈希和公钥解开后的签名进行比较)

1. what is signature,how to verify

generate the signature

1. use hash algorithm to generate a digest of the content;
2. use private key to encrypt the digest

verify the signature

1. hash the content: A1
2. use public key tp decrypt the signature: A2
3. compare A1 and A2;

antoher question

1. why need CA ?

CA(certificate authority)颁发证书和提供证书验证机制

防止中间人攻击: 中间人可以使用自己的公钥替换服务端公钥；CA提供一种安全机制确保证书是可信的；

generate

1. acme: automatic certificate management environment between certificate authorities and user’s web services;;

2. free ca:

   1. let’s encrypt it
   2. zero ssl