Foreword
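HTTPS (full name: HyperText Transfer Protocol over Secure Socket Layer) is not actually a new protocol. Google began using it very early on, originally to keep data secure.
In the past two years, internet giants such as Google, Baidu and Facebook have, without coordinating, all begun to push HTTPS hard, and many large internet companies in China and abroad have already enabled HTTPS site-wide. This is also the direction in which the internet is heading.
To encourage websites worldwide to adopt HTTPS, several internet companies have set out their own requirements:
1) Google has adjusted its search engine algorithm so that sites using HTTPS rank higher in search results;
2) Since 2017, the Chrome browser has marked sites that use the HTTP protocol as not secure;
3) Apple requires that in 2017 all apps in the App Store must use HTTPS encrypted connections;
4) WeChat Mini Programs, currently a hot topic in China, also require the HTTPS protocol;
5) Support for the new-generation HTTP/2 protocol requires HTTPS as its foundation.
And so on. It therefore seems certain that in the near future HTTPS across the whole web will be unavoidable.
Concepts
Protocols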
1. HTTP (HyperText Transfer Protocol): the application-layer communication protocol between a client browser or other program and a web server.
2. HTTPS (HyperText Transfer Protocol over Secure Socket Layer): can be understood as HTTP + SSL/TLS, that is, an SSL layer added beneath HTTP. The security foundation of HTTPS is SSL, so the details of the encryption are handled by SSL; it is used for secure HTTP data transmission.

As the figure above shows, HTTPS has one more layer than HTTP: SSL/TLS.
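SSL (Secure Socket Layer): developed by Netscape in 1994. The SSL protocol sits between the TCP/IP protocols and the various application-layer protocols and provides security support for data communication.
TLS (Transport Layer Security): its predecessor is SSL. The first few versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape; in 1999, starting from version 3.1, it was standardized by the IETF and renamed, and it has since developed into three versions: TLS 1.0, TLS 1.1 and TLS 1.2. SSL 3.0 and TLS 1.0 have security vulnerabilities and are now rarely used. TLS 1.3 makes fairly large changes and is still at the draft stage; the most widely used versions at present are TLS 1.1 and TLS 1.2.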
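Encryption algorithms:
According to records, the ancient Greeks invented the transposition cipher in 400 BC, and during the Second World War the German military put the "Enigma" cipher machine into service. Cryptography has thus had wide use throughout the development of society.
1. Symmetric encryption
Comes in two kinds, stream and block; encryption and decryption both use the same key.
Examples: DES, AES-GCM, ChaCha20-Poly1305, etc.
2. Asymmetric encryption
The key used for encryption and the key used for decryption are different, and are called the public key and the private key. The public key and the algorithm are both public; the private key is kept secret. Asymmetric algorithms perform relatively poorly but are extremely secure; because of how they encrypt, the length of data an asymmetric algorithm can encrypt is also limited.
Examples: RSA, DSA, ECDSA, DH, ECDHE
3. Hash algorithms
Convert information of arbitrary length into a shorter, fixed-length value, usually much smaller than the information itself; the algorithm is irreversible.
Examples: MD5, SHA-1, SHA-2, SHA-256, etc.
4. Digital signatures
A signature is an extra piece of content appended to the information (the value of the information after hashing), which can prove that the information has not been modified. The hash value is generally encrypted (that is, signed) before being sent along with the information, to ensure that the hash value itself is not modified.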
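Detailed explanation
I. The HTTP access process

The packet capture is as follows:

As the figure above shows, during an HTTP request there is no identity confirmation of any kind between client and server, and all data is transmitted in plaintext, "running naked" on the internet, so it is easily attacked by hackers, as follows:

As can be seen, a request sent by the client is easily intercepted by a hacker. If the hacker then impersonates the server, he can return arbitrary information to the client without the client noticing. This is why we often hear the word "hijacking". It looks like this:
In the two figures below, the same URL was entered in the browser; the left is the correct response and the right is the response after hijacking.

So the risks facing HTTP transmission are:
(1) Eavesdropping risk: a hacker can learn the content of the communication.
(2) Tampering risk: a hacker can modify the content of the communication.
(3) Impersonation risk: a hacker can impersonate someone else to take part in the communication.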
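II. The evolution from HTTP to HTTPS
Step 1: To prevent the above, people thought of a solution: encrypt the transmitted information (even if a hacker intercepts it, it cannot be cracked).

As the figure above shows, this approach is symmetric encryption: both sides hold the same key and the information is transmitted securely. Its drawbacks are:
(1) There are a huge number of different clients and servers, so both sides need to maintain a large number of keys, and the maintenance cost is high.
(2) Because each client and server has a different security level, keys leak very easily.
Step 2: Since key maintenance is so tedious with symmetric encryption, let us try asymmetric encryption.

As the figure above shows, the client encrypts the request content with the public key and the server decrypts it with the private key, and vice versa. But this process also has a drawback:
(1) The public key is public (that is, the hacker has it too), so if the information encrypted with the private key in step ④ is intercepted by a hacker, he can decrypt it with the public key and obtain its content.
Step 3: Since asymmetric encryption also has flaws, we combine symmetric and asymmetric encryption, keeping the best of each and discarding the rest, so that each plays to its strengths.

As the figure above shows:
(1) In step ③, the client says: (let's use symmetric encryption for the rest of the session; here are the symmetric algorithm and the symmetric key). This message is encrypted with the public key and then sent to the server.
(2) After receiving the message, the server decrypts it with the private key and extracts the symmetric algorithm and the symmetric key. The server then says: (OK), encrypted with the symmetric key.
(3) From then on, information between the two can be transmitted using symmetric encryption.
Problems encountered:
(1) How does the client obtain the public key?
(2) How can it confirm that the server is genuine and not a hacker?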
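The Step 3 exchange as an added example (not code from the original article), using Node's built-in crypto module. It assumes the client already holds the server's genuine public key, which is exactly the open problem listed above, and it fixes the symmetric algorithm to AES-256-GCM rather than negotiating it.

```javascript
const crypto = require('node:crypto');

// Constructed server key pair, generated fresh on every run.
const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: choose a random symmetric session key and encrypt it with the
// server's public key, so only the private-key holder can read it.
function clientWrapKey(serverPublicKey) {
  const sessionKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrapped };
}

// Server: recover the session key with the private key.
function serverUnwrapKey(serverPrivateKey, wrapped) {
  return crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrapped);
}

// Symmetric phase: AES-256-GCM encrypts and authenticates each message.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

function hybridDemo() {
  const { sessionKey, wrapped } = clientWrapKey(server.publicKey);
  const serverKey = serverUnwrapKey(server.privateKey, wrapped);
  const msg = seal(serverKey, 'OK');      // server's reply under the session key
  const reply = unseal(sessionKey, msg);  // client reads it
  msg.ct[0] ^= 1;                         // simulate modification in transit
  let tamperDetected = false;
  try { unseal(sessionKey, msg); } catch { tamperDetected = true; }
  return { keysMatch: sessionKey.equals(serverKey), reply, tamperDetected };
}
```

Only the 32-byte session key goes through the slow, length-limited asymmetric operation; everything after that uses the symmetric key.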
Step 4: Obtaining the public key and confirming the server's identity

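1. Obtaining the public key
(1) Provide an address for downloading the public key and have the client download it before the session. (Drawbacks: the download address may be fake; having the client download the public key before every session is also cumbersome.)
(2) At the start of the session, the server sends the public key to the client. (Drawback: a hacker impersonates the server and sends the client a fake public key.)
2. So is there a way to obtain the public key securely and also prevent impersonation by a hacker? This calls for the ultimate weapon: the SSL certificate (purchased by application).

As the figure above shows, in step ② the server sends an SSL certificate to the client. The SSL certificate contains:
(1) The certificate's issuing authority (CA)
(2) The certificate's validity period
(3) The public key
(4) The certificate owner
(5) The signature
...
3. When the client receives the SSL certificate sent by the server, it checks whether the certificate is genuine. Taking the browser as an example:
(1) First the browser reads the certificate owner, validity period and other information in the certificate and checks each one.
(2) The browser then looks through the trusted certificate authorities (CAs) built into the operating system and compares them with the issuer CA in the certificate sent by the server, to check whether the certificate was issued by a legitimate authority.
(3) If none is found, the browser reports an error, indicating that the certificate sent by the server cannot be trusted.
(4) If one is found, the browser takes the issuer CA's public key from the operating system and uses it to decrypt the signature in the certificate sent by the server.
(5) The browser uses the same hash algorithm to compute the hash value of the certificate sent by the server and compares this computed hash with the signature in the certificate.
(6) If the comparison matches, the certificate sent by the server is proven legitimate and not forged.
(7) The browser can now read the public key in the certificate and use it for subsequent encryption.
4. So sending an SSL certificate solves both the problem of obtaining the public key and the problem of impersonation by a hacker, killing two birds with one stone, and this is how the HTTPS encryption process takes shape.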
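The browser-side checks from item 3, as an added example (not code from the original article). The certificate is a simplified JSON stand-in rather than X.509, the names `Example Root CA`, `Attacker CA` and `shop.example` are constructed, and signatures use ECDSA with SHA-256 via Node's built-in crypto for speed; `crypto.verify` performs the hash-and-compare of steps (4) and (5) against the CA public key.

```javascript
const crypto = require('node:crypto');

const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const pem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
// The bytes the CA signs: every field except the signature itself.
const signedFields = (c) =>
  Buffer.from(JSON.stringify([c.issuer, c.owner, c.notBefore, c.notAfter, c.publicKey]));

// CA side: hash the fields with SHA-256 and sign the hash with the CA private key.
function issue(issuer, caPrivateKey, owner, ownerPublicKey, notBefore, notAfter) {
  const cert = { issuer, owner, notBefore, notAfter, publicKey: pem(ownerPublicKey) };
  cert.signature = crypto.sign('sha256', signedFields(cert), caPrivateKey).toString('base64');
  return cert;
}

// Client side, in the order of the steps above. Dates are ISO strings, so
// plain string comparison orders them correctly.
function verify(cert, host, today, trustStore) {
  if (cert.owner !== host) return 'owner mismatch';                  // step (1)
  if (today < cert.notBefore || today > cert.notAfter) return 'outside validity period';
  const caPublicKey = trustStore.get(cert.issuer);                   // step (2)
  if (!caPublicKey) return 'untrusted issuer';                       // step (3)
  const sig = Buffer.from(cert.signature, 'base64');
  const ok = crypto.verify('sha256', signedFields(cert), caPublicKey, sig); // steps (4)-(5)
  return ok ? 'ok' : 'bad signature';                                // step (6)
}

function certDemo() {
  const ca = newKey(), site = newKey(), attacker = newKey();
  const trustStore = new Map([['Example Root CA', ca.publicKey]]); // stands in for the OS store
  const dates = ['2024-01-01', '2024-12-31'];
  const good = issue('Example Root CA', ca.privateKey, 'shop.example', site.publicKey, ...dates);
  const check = (cert, today = '2024-06-01') => verify(cert, 'shop.example', today, trustStore);
  return {
    genuine: check(good),
    swappedKey: check({ ...good, publicKey: pem(attacker.publicKey) }),
    borrowedIssuerName: check(
      issue('Example Root CA', attacker.privateKey, 'shop.example', attacker.publicKey, ...dates)),
    unknownCa: check(
      issue('Attacker CA', attacker.privateKey, 'shop.example', attacker.publicKey, ...dates)),
    expired: check(good, '2025-02-01'),
  };
}
```

A certificate that merely names a trusted issuer still fails, because only the holder of that CA's private key can produce a signature its public key accepts.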
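So compared with HTTP, HTTPS transmission is more secure:
(1) All information is transmitted encrypted, so hackers cannot eavesdrop.
(2) It has a verification mechanism: once content is tampered with, both parties notice immediately.
(3) It comes with an identity certificate, which prevents impersonation.
Summary
To sum up, compared with HTTP, HTTPS adds many handshake, encryption and decryption steps. Although the process is complex, it guarantees the security of data transmission. In this era of internet expansion, with all sorts of unseen dangers lurking, to protect data and keep the network stable, everyone is encouraged to promote HTTPS.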
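Disadvantages of HTTPS:
(1) SSL certificates are expensive, and deploying, renewing and maintaining them on servers is very tedious.
(2) HTTPS slows down user access (multiple handshakes).
(3) After a site switches to HTTPS, the redirect from HTTP to HTTPS adds to user access time (most sites use a 302 redirect).
(4) The security algorithms involved in HTTPS consume CPU resources, requiring many more machines (HTTPS access requires encryption and decryption).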