How to enable https two-way authentication

1. Http

HyperText Transfer Protocol, Hypertext Transfer Protocol, is the most widely used one on the Internet. A protocol, a standard that all WWW files must follow. The data transmitted by the HTTP protocol is unencrypted, that is, in clear text, so it is very unsafe to use the HTTP protocol to transmit private information.

The TCP port used is: 80

2. Https

Hyper Text Transfer Protocol over Secure Socket Layer, secure hypertext transfer protocol, network Jingfu designed the SSL (Secure Sockets Layer) protocol to encrypt data transmitted by the HTTP protocol to ensure security during the session.

The default TCP port used is 443

3. SSL protocol encryption method

The SSL protocol uses both symmetric encryption and asymmetric encryption ( Public key encryption), when establishing a transmission link, SSL first uses the public key for asymmetric encryption of the symmetric encryption key. After the link is established, SSL uses symmetric encryption for the transmission content.

Symmetric encryption

High speed, large encrypted content, used to encrypt messages during the session

Public key encryption

Slow encryption speed , but it can provide better identity authentication technology, used to encrypt the key of symmetric encryption

Related recommendations: "FAQ"

4. Two-way Authentication

The principles of two-way authentication and one-way authentication are basically the same, except that in addition to the client needing to authenticate the server, the server authenticates the client. The specific process is as follows:

1. The client sends the SSL protocol version number, encryption algorithm type, random number and other information to the server.

2. The server returns the SSL protocol version number, encryption algorithm type, random number and other information to the client. It also returns the server-side certificate, that is, the public key certificate.

3. The client uses the information returned by the server to verify the legitimacy of the server, including:

(1) Whether the certificate has expired.

(2) Whether the CA issuing the server certificate is reliable.

(3) Whether the returned public key can correctly decrypt the digital signature in the returned certificate.

(4) Whether the domain name on the server certificate matches the actual domain name of the server.

(5) After the verification is passed, communication will continue, otherwise, communication will be terminated.

4. The server requires the client to send the client's certificate, and the client will send its own certificate to the server.

5. Verify the client's certificate. After passing the verification, the client's public key will be obtained.

6. The client sends the symmetric encryption scheme it can support to the server for the server to choose.

7. The server selects the encryption method with the highest degree of encryption among the encryption schemes provided by the client.

8. Encrypt the encryption scheme using the public key obtained previously and return it to the client.

9. After receiving the encryption scheme ciphertext returned by the server, the client uses its own private key to decrypt to obtain the specific encryption method, and then generates a random code for the encryption method, which is used in the encryption process. The key is encrypted using the public key previously obtained from the server certificate, and then sent to the server.

10. After the server receives the message sent by the client, it uses its own private key to decrypt it and obtains the symmetric encryption key. In the subsequent session, the server and client will use this password. Perform symmetric encryption to ensure the security of information during communication.

The above is the detailed content of How to enable https two-way authentication. For more information, please follow other related articles on the PHP Chinese website!