How is the key exchange performed during the HTTPS handshake?

  • Post category: Cloud Computing

HTTPS is a secure, encrypted transport protocol layered on top of HTTP. It establishes a secure channel by exchanging keys, in order to guarantee the confidentiality, integrity and non-repudiation of the data exchanged during communication.

The key exchange during the HTTPS handshake consists mainly of the following steps:

  1. The client sends a "CLIENT HELLO" message to the server: this message contains the protocol versions and cipher suites the client supports, the method for generating random numbers, and other information.

  2. The server returns a "SERVER HELLO" message to the client: this message contains the cipher suite the server selected, the certificate, the server-generated random number, and other information.

The following is an illustrative example.

The "Client Hello" message sent by the client, containing the TLS version, the list of cipher suites, the method for generating random numbers, and other information:

```text
Client Hello
  Version: TLS 1.2
  Cipher Suites (28 suites)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
      Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
      Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xC042)
      Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xC03C)
      Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6B)
      Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6A)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
      Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xC041)
      Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xC03B)
      Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
      Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
      Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
      Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
      Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
      Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
      Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)
      Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
      Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
      Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
      Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
      Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
      Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)
  Compression Methods (1 method)
      Compression Method: null (0)
  Extensions (9 extensions)
      Extension: server_name (len=11)
          Server Name Indication extension
              Server Name list length: 3
              Server Name Type: host_name (0)
              Server Name: www.example.com
      Extension: ec_point_formats (len=4)
          Elliptic curves point formats
              Supported point formats: uncompressed (0x0)
      Extension: elliptic_curves (len=10)
          Supported Elliptic Curves
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp256r1 (0x0017)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp384r1 (0x0018)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp521r1 (0x0019)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: brainpoolP256r1 (0x001a)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: brainpoolP384r1 (0x001b)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: brainpoolP512r1 (0x001c)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp256k1 (0x0010)
      Extension: session_ticket (len=0)
          Extension: renegotiation_info (len=1)
              Renegotiation Info extension
                  renegotiated_connection: <no renegotiation>
      Extension: supported_versions (len=6)
          Supported Versions extension
              Version: TLS 1.3 (0x0304)
              Version: TLS 1.2 (0x0303)
              Version: TLS 1.1 (0x0302)
              Version: TLS 1.0 (0x0301)
      Extension: key_share (len=44)
          Key Share extension
              Key Share entry: Group: secp256r1, Key Exchange length: 65
              Key Exchange: 04 5d 94 86 25 25 42 22 8f ab 1d 76 7c bb 99 d2 bd
                  e3 76 94 70 45 e3 b3 da b6 f1 c0 d0 d6 31 59 bb 39 37 fe 87
                  0f 06 9f 37 91 fe 27 7c cb 40 11 7e 1b 9e 2c 08 35 7b 90 03
                  21 1a 95 cc 3e f9 29 cf 98 10 72 3b 6d 8f 88 a6 e5
      Extension: pre_shared_key (len=51)
          Pre-Shared Key extension
              Version: TLS 1.2 (0x0303)
              Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
              Group ID: secp256r1
              PSK Identity: 4D 79 20 50 53 4B
              obfuscated_ticket_age: 76
```

  3. The server returns its digitally signed certificate to the client: the server returns the default or manually configured digital certificate, which contains the public key and other information and is signed by a trusted third party.

  4. The client validates the certificate: the client must verify the legitimacy of the certificate, including whether its digital signature was issued by a trusted CA, whether the certificate has expired, and whether the domain name matches.

  5. The client generates a key: the client generates the session key used to encrypt subsequent communication.

The following is an illustrative example.

The "Server Hello" message returned by the server, containing the server's TLS version, Session ID, the selected cipher suite, the server-generated random number, and other information:

```text
Server Hello
  Version: TLS 1.2
  Random: 3b 6d 14 26 3e ed aa 6e 8a 84 24 5d 86 24 92 20 bf ef 2a 48 05 c2 4e dc 9a 16 4d 6d 91 06 14
  Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  Extensions (9 extensions)
      Extension: renegotiation_info (len=1)
          Renegotiation Info extension
              renegotiated_connection: <no renegotiation>
      Extension: server_name (len=11)
          Server Name Indication extension
              Server Name list length: 3
              Server Name Type: host_name (0)
              Server Name: www.example.com
      Extension: ec_point_formats (len=4)
          Elliptic curves point formats
              Supported point formats: uncompressed (0x0)
      Extension: elliptic_curves (len=10)
          Supported Elliptic Curves
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp256r1 (0x0017)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp384r1 (0x0018)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp521r1 (0x0019)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: brainpoolP256r1 (0x001a)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: brainpoolP384r1 (0x001b)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: brainpoolP512r1 (0x001c)
              ECCurve Type: named_curve (0x03)
              ECCurve Name: secp256k1 (0x0010)
      Extension: signature_algorithms (len=20)
          Signature Algorithms
              Signature Hash Algorithms: 5 types
                  Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                  Signature Algorithm: dsa_sha512 (0x0602)
                  Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                  Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                  Signature Algorithm: dsa_sha384 (0x0502)
                  Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                  Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                  Signature Algorithm: dsa_sha256 (0x0402)
                  Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                  Signature Algorithm: rsa_pkcs1_sha224 (0x0301)
                  Signature Algorithm: dsa_sha224 (0x0302)
                  Signature Algorithm: ecdsa_secp224r1_sha224 (0x0303)
                  Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                  Signature Algorithm: dsa_sha1 (0x0202)
                  Signature Algorithm: ecdsa_sha1 (0x0203)
              Signature Algorithm: rsa_pkcs1_md5 (0x0101)
              Signature Algorithm: dsa_md5 (0x0102)
              Signature Algorithm: ecdsa_md5 (0x0103)
      Extension: status_request (len=5)
          Certificate Status extension
              Certificate Status Type: OCSP (1)
              Responder ID list:
              Certificate ID list:
      Extension: supported_versions (len=2)
          Supported Versions extension
              Version: TLS 1.3 (0x0304)
      Extension: key_share (len=62)
          Key Share extension
              Key Share entry: Group: secp256r1, Key Exchange length: 65
              Key Exchange: 04 db d1 85 c1 c1 83 42 d0 ad 7c d0 98 05 7d 99 17 a7 09 3e 52 d0 ab f9 9d b7 69
                  d0 a2 73 2e 25 1a c1 c1 80 29 8e 72 f7 12 ae 46 29 96 a8 43 94 33 55 c3 95 78 8d 44 7f b2 aa
                  5d e8
              Key Share entry: Group: secp384r1, Key Exchange length: 104
              Key Exchange: 04 4f 8f d4 d4 4e c4 a9 08 db d9 83 1c 29 89 6b be 17 1c 4c 4c c9 cd 92 9d e1 21
                  37 95 86 8a dc 09 a2 bc 6d 03 e3 8b e9 43 70 6e 20 37 8e b3 b3 7c 3e 70 dc b8 21 45 03 2a
                  f6 38 d0 96 ad 39 44 c1 c9 73 15 45 22 ae 85 27 ce 8b 4d 92 b4 b4 c4 fc 4b 0b 08 92 21 46
                  cb
      Extension: psk_key_exchange_modes (len=2)
          PSK Key Exchange Modes extension
              PSK Key Exchange Mode: PSK with (EC)DHE key establishment (0x01)
      Extension: supported_groups (len=8)
          Supported Groups
              Named Group: secp256r1 (0x0017)
              Named Group: secp384r1 (0x0018)
              Named Group: secp521r1 (0x0019)
              Named Group: brainpoolP256r1 (0x001a)
              Named Group: brainpoolP384r1 (0x001b)
              Named Group: brainpoolP512r1 (0x001c)
              Named Group: secp256k1 (0x0010)
              Named Group: ffdhe2048 (0x0100)
      Extension: signature_algorithms_cert (len=18)
          Signature Algorithms
              Signature Hash Algorithms: 4 types
                  Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                  Signature Algorithm: dsa_sha256 (0x0402)
                  Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                  Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                  Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                  Signature Algorithm: dsa_sha384 (0x0502)
              Signature Algorithm: rsa_pkcs1_sha224 (0x0301)
              Signature Algorithm: dsa_sha224 (0x0302)
              Signature Algorithm: ecdsa_secp224r1_sha224 (0x0303)
              Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
              Signature Algorithm: dsa_sha1 (0x0202)
              Signature Algorithm: ecdsa_sha1 (0x0203)
              Signature Algorithm: rsa_pkcs1_md5 (0x0101)
              Signature Algorithm: dsa_md5 (0x0102)
              Signature Algorithm: ecdsa_md5 (0x0103)
      Extension: extended_master_secret (len=0)
```

  6. The client sends encrypted data: the client encrypts the communication content with the session key and sends it to the server.

  7. The server decrypts the data with its private key: the server uses its own private key to decrypt the encrypted data, and uses the Session ID and random number sent by the client to generate the same session key.

  8. The server sends encrypted data: the server encrypts the response data with the session key and sends it to the client.
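As an added example (not code from the original post), here is the ephemeral ECDH exchange that the secp256r1 key_share entries in the two dumps above carry, written over the Python standard library only: each side generates a key pair, sends its 65-byte uncompressed point, and computes the same shared secret from the peer's point; the on-curve check in decode_point is the validation a receiver must perform before using a peer's share. The curve arithmetic is a textbook, non-constant-time illustration, not a production implementation.

```python
import secrets

# secp256r1 (NIST P-256) domain parameters: the group named in the key_share entries above.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):
    """Affine point addition (doubling when p1 == p2); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; for illustration only)."""
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def keygen():
    # Ephemeral key pair: private scalar d in [1, N-1], public point d*G.
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def encode_point(pt):
    """Uncompressed SEC1 encoding 0x04||X||Y: the 65-byte Key Exchange value in the dumps."""
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def decode_point(b):
    """Decode a peer key share and reject anything that is not a point on the curve."""
    if len(b) != 65 or b[0] != 4: raise ValueError("expected uncompressed secp256r1 point")
    x, y = int.from_bytes(b[1:33], "big"), int.from_bytes(b[33:], "big")
    if (y * y - (x ** 3 + A * x + B)) % P != 0: raise ValueError("peer point is not on the curve")
    return x, y

def shared_secret(d, peer_share):
    """ECDH output: x-coordinate of d * peer_public, which TLS feeds into its key schedule."""
    return _mul(d, decode_point(peer_share))[0].to_bytes(32, "big")
```

TLS then feeds this shared secret, together with the handshake transcript, into HKDF to derive the traffic keys; that key schedule is not shown here.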

Reference links: