HTTPS is a secure, encrypted transport protocol layered on top of HTTP. It establishes a secure channel by exchanging keys, which guarantees the confidentiality, integrity and non-repudiation of the data exchanged during communication.
The key exchange in the HTTPS handshake mainly consists of the following steps:
- The client sends a "CLIENT HELLO" message to the server: this message carries the protocols the client supports, the cipher suites, the way the random number is generated, and so on.
- The server returns a "SERVER HELLO" message to the client: this message carries the cipher suite the server selected, the certificate, the random number generated by the server, and so on.
An example follows.
The "Client Hello" message sent by the client, which contains the TLS version, the list of cipher suites, the way the random number is generated, and so on:
```text
Client Hello
Version: TLS 1.2
Cipher Suites (28 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xC042)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xC03C)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6B)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6A)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xC041)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xC03B)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)
Compression Methods (1 method)
Compression Method: null (0)
Extensions (9 extensions)
Extension: server_name (len=11)
Server Name Indication extension
Server Name list length: 3
Server Name Type: host_name (0)
Server Name: www.example.com
Extension: ec_point_formats (len=4)
Elliptic curves point formats
Supported point formats: uncompressed (0x0)
Extension: elliptic_curves (len=10)
Supported Elliptic Curves
ECCurve Type: named_curve (0x03)
ECCurve Name: secp256r1 (0x0017)
ECCurve Type: named_curve (0x03)
ECCurve Name: secp384r1 (0x0018)
ECCurve Type: named_curve (0x03)
ECCurve Name: secp521r1 (0x0019)
ECCurve Type: named_curve (0x03)
ECCurve Name: brainpoolP256r1 (0x001a)
ECCurve Type: named_curve (0x03)
ECCurve Name: brainpoolP384r1 (0x001b)
ECCurve Type: named_curve (0x03)
ECCurve Name: brainpoolP512r1 (0x001c)
ECCurve Type: named_curve (0x03)
ECCurve Name: secp256k1 (0x0010)
Extension: session_ticket (len=0)
Extension: renegotiation_info (len=1)
Renegotiation Info extension
renegotiated_connection: <no renegotiation>
Extension: supported_versions (len=6)
Supported Versions extension
Version: TLS 1.3 (0x0304)
Version: TLS 1.2 (0x0303)
Version: TLS 1.1 (0x0302)
Version: TLS 1.0 (0x0301)
Extension: key_share (len=44)
Key Share extension
Key Share entry: Group: secp256r1, Key Exchange length: 65
Key Exchange: 04 5d 94 86 25 25 42 22 8f ab 1d 76 7c bb 99 d2 bd
e3 76 94 70 45 e3 b3 da b6 f1 c0 d0 d6 31 59 bb 39 37 fe 87
0f 06 9f 37 91 fe 27 7c cb 40 11 7e 1b 9e 2c 08 35 7b 90 03
21 1a 95 cc 3e f9 29 cf 98 10 72 3b 6d 8f 88 a6 e5
Extension: pre_shared_key (len=51)
Pre-Shared Key extension
Version: TLS 1.2 (0x0303)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Group ID: secp256r1
PSK Identity: 4D 79 20 50 53 4B
obfuscated_ticket_age: 76
```
- The server returns a digitally signed certificate to the client: the server sends its default or manually configured digital certificate, which contains the public key and other information and is certified by a trusted third party.
- The client verifies the certificate: the client must check that the certificate is valid, including whether its digital signature was issued by a trusted CA, whether the certificate has expired, whether the domain name matches, and so on.
- The client generates a key: the client generates a session key, which is used to encrypt the subsequent communication.
An example follows.
The "Server Hello" message returned by the server, which contains the server's TLS version, the Session ID, the selected cipher suite, the random number generated by the server, and so on:
```text
Server Hello
Version: TLS 1.2
Random: 3b 6d 14 26 3e ed aa 6e 8a 84 24 5d 86 24 92 20 bf ef 2a 48 05 c2 4e dc 9a 16 4d 6d 91 06 14
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Extensions (9 extensions)
Extension: renegotiation_info (len=1)
Renegotiation Info extension
renegotiated_connection: <no renegotiation>
Extension: server_name (len=11)
Server Name Indication extension
Server Name list length: 3
Server Name Type: host_name (0)
Server Name: www.example.com
Extension: ec_point_formats (len=4)
Elliptic curves point formats
Supported point formats: uncompressed (0x0)
Extension: elliptic_curves (len=10)
Supported Elliptic Curves
ECCurve Type: named_curve (0x03)
ECCurve Name: secp256r1 (0x0017)
ECCurve Type: named_curve (0x03)
ECCurve Name: secp384r1 (0x0018)
ECCurve Type: named_curve (0x03)
ECCurve Name: secp521r1 (0x0019)
ECCurve Type: named_curve (0x03)
ECCurve Name: brainpoolP256r1 (0x001a)
ECCurve Type: named_curve (0x03)
ECCurve Name: brainpoolP384r1 (0x001b)
ECCurve Type: named_curve (0x03)
ECCurve Name: brainpoolP512r1 (0x001c)
ECCurve Type: named_curve (0x03)
ECCurve Name: secp256k1 (0x0010)
Extension: signature_algorithms (len=20)
Signature Algorithms
Signature Hash Algorithms: 5 types
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature Algorithm: dsa_sha512 (0x0602)
Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
Signature Algorithm: dsa_sha384 (0x0502)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Algorithm: dsa_sha256 (0x0402)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Algorithm: rsa_pkcs1_sha224 (0x0301)
Signature Algorithm: dsa_sha224 (0x0302)
Signature Algorithm: ecdsa_secp224r1_sha224 (0x0303)
Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
Signature Algorithm: dsa_sha1 (0x0202)
Signature Algorithm: ecdsa_sha1 (0x0203)
Signature Algorithm: rsa_pkcs1_md5 (0x0101)
Signature Algorithm: dsa_md5 (0x0102)
Signature Algorithm: ecdsa_md5 (0x0103)
Extension: status_request (len=5)
Certificate Status extension
Certificate Status Type: OCSP (1)
Responder ID list:
Certificate ID list:
Extension: supported_versions (len=2)
Supported Versions extension
Version: TLS 1.3 (0x0304)
Extension: key_share (len=62)
Key Share extension
Key Share entry: Group: secp256r1, Key Exchange length: 65
Key Exchange: 04 db d1 85 c1 c1 83 42 d0 ad 7c d0 98 05 7d 99 17 a7 09 3e 52 d0 ab f9 9d b7 69
d0 a2 73 2e 25 1a c1 c1 80 29 8e 72 f7 12 ae 46 29 96 a8 43 94 33 55 c3 95 78 8d 44 7f b2 aa
5d e8
Key Share entry: Group: secp384r1, Key Exchange length: 104
Key Exchange: 04 4f 8f d4 d4 4e c4 a9 08 db d9 83 1c 29 89 6b be 17 1c 4c 4c c9 cd 92 9d e1 21
37 95 86 8a dc 09 a2 bc 6d 03 e3 8b e9 43 70 6e 20 37 8e b3 b3 7c 3e 70 dc b8 21 45 03 2a
f6 38 d0 96 ad 39 44 c1 c9 73 15 45 22 ae 85 27 ce 8b 4d 92 b4 b4 c4 fc 4b 0b 08 92 21 46
cb
Extension: psk_key_exchange_modes (len=2)
PSK Key Exchange Modes extension
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (0x01)
Extension: supported_groups (len=8)
Supported Groups
Named Group: secp256r1 (0x0017)
Named Group: secp384r1 (0x0018)
Named Group: secp521r1 (0x0019)
Named Group: brainpoolP256r1 (0x001a)
Named Group: brainpoolP384r1 (0x001b)
Named Group: brainpoolP512r1 (0x001c)
Named Group: secp256k1 (0x0010)
Named Group: ffdhe2048 (0x0100)
Extension: signature_algorithms_cert (len=18)
Signature Algorithms
Signature Hash Algorithms: 4 types
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Algorithm: dsa_sha256 (0x0402)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
Signature Algorithm: dsa_sha384 (0x0502)
Signature Algorithm: rsa_pkcs1_sha224 (0x0301)
Signature Algorithm: dsa_sha224 (0x0302)
Signature Algorithm: ecdsa_secp224r1_sha224 (0x0303)
Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
Signature Algorithm: dsa_sha1 (0x0202)
Signature Algorithm: ecdsa_sha1 (0x0203)
Signature Algorithm: rsa_pkcs1_md5 (0x0101)
Signature Algorithm: dsa_md5 (0x0102)
Signature Algorithm: ecdsa_md5 (0x0103)
Extension: extended_master_secret (len=0)
```
- The client sends encrypted data: the client encrypts the communication content with the session key and sends it to the server.
- The server decrypts the data with its private key: the server uses its own private key to decrypt the encrypted data, and uses the Session ID and random number sent by the client to generate the same session key.
- The server sends encrypted data: the server encrypts the response data with the session key and sends it to the client.
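The Client Hello at the top of the handshake is the first thing a server, proxy or network sensor sees, and its offered cipher suites, SNI and supported_versions are exactly the fields a defender inspects. As an added example (not code from the original page), this Python builds a minimal ClientHello carrying three cipher-suite ids and the SNI from the page's dump, parses it back out, and flags the static-RSA suites that give no forward secrecy. The names `build_client_hello`, `parse_client_hello` and `non_pfs_suites` are chosen here, and the message bytes are constructed, not captured.

```python
import struct

# Cipher-suite ids taken from the page's Client Hello dump; used only to build the sample input.
SAMPLE_SUITES = [0xC024, 0xC028, 0x003D]          # ECDHE-ECDSA, ECDHE-RSA, static RSA key exchange
TLS12, TLS13 = 0x0303, 0x0304

def build_client_hello(host, suites, versions):
    """Construct (not capture) a minimal ClientHello handshake message as sample input."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name      # server_name list, type host_name(0)
    sv = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = struct.pack("!HH", 0, len(sni)) + sni + struct.pack("!HH", 43, len(sv)) + sv
    body = (struct.pack("!H", TLS12) + bytes(32) + b"\x00"             # version, random (zeros), empty session_id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                               # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body               # HandshakeType client_hello = 1

def parse_client_hello(msg):
    """Return version, offered cipher suites, SNI and supported_versions; raise on malformed input."""
    if len(msg) < 4 or msg[0] != 1 or len(msg) - 4 != int.from_bytes(msg[1:4], "big"):
        raise ValueError("not a complete client_hello message")
    b, p = msg[4:], 0
    version = struct.unpack("!H", b[p:p + 2])[0]; p += 34               # 2-byte version, skip 32-byte random
    p += 1 + b[p]                                                       # session_id (length-prefixed)
    n = struct.unpack("!H", b[p:p + 2])[0]; p += 2
    suites = [struct.unpack("!H", b[i:i + 2])[0] for i in range(p, p + n, 2)]; p += n
    p += 1 + b[p]                                                       # compression_methods (length-prefixed)
    info = {"version": version, "cipher_suites": suites, "sni": None, "supported_versions": []}
    if p == len(b):
        return info                                                     # no extensions block present
    end = p + 2 + struct.unpack("!H", b[p:p + 2])[0]; p += 2
    if end != len(b):
        raise ValueError("extensions length does not match message length")
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", b[p:p + 4]); p += 4
        ext = b[p:p + elen]; p += elen
        if len(ext) != elen:
            raise ValueError("truncated extension %d" % etype)
        if etype == 0:                                                  # server_name: list_len, type, name_len, name
            info["sni"] = ext[5:5 + struct.unpack("!H", ext[3:5])[0]].decode("ascii")
        elif etype == 43:                                               # supported_versions: len byte, 2-byte versions
            info["supported_versions"] = [struct.unpack("!H", ext[i:i + 2])[0] for i in range(1, 1 + ext[0], 2)]
    return info

def non_pfs_suites(info):
    """Offered suites with static RSA key exchange (the four TLS_RSA_* suites in the page's dump)."""
    return [s for s in info["cipher_suites"] if s in (0x003D, 0x003C, 0x0035, 0x002F)]
```

A sensor that only needs SNI and the offered suites can stop after the first record of a connection; anything beyond the extension block is not examined here.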