zoukankan      html  css  js  c++  java
  • HTTPS与SHTTP

    Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.

    S-HTTP was designed in 1999 by E. Rescorla and A. Schiffman of EIT, it was never fully accepted by Web browser vendors such as Microsoft and Netscape.

    HTTPS is a combination of HTTP with SSL/TLS to provide encrypted communication and secure identification of a network web server.

    Here is how HTTPS works:

    To support HTTPS, the browser software must pre-install some certificate authorities .

    connecting to a web server, the browser asks for the server's certificate(signed by a certificate authority A), after receiving it, the browser checks whether the authority A is trusted, if so, the browser checks whether the server is what it claims to be. After that, the browser and the server will negotiate about the session key, which is used by the SSL as the RC4 key to encrypt the messages.

    S-HTTP is a superset of HTTP, it provides a wide variety of mechanisms to provide for confidentiality, authentication, and integrity.

    It is not tied to any particular cryptographic system, key infrastructure, or cryptographic format, actually, messages may be protected by using digital signatures, authentication, and encryption.

    Upon first contact, the sender and receiver establish preferences for encrypting and handling secure messages.

    HTTPS is normally HTTP over SSL.

    S-HTTP it's a more advanced version of HTTP.

    S-HTTP can authenticate a user while HTTPS authenticates a server.

    S-HTTP is more flexible, a number of encryption algorithms and security techniques can be used, including DES and RC2 encryption, or RSA public-key signing. In addition, users can choose to use a particular type of certificate, or no certificate at all. In cases in which public-key certificates are not available, it is possible for a sender and receiver to use a session key that they have exchanged in advance. A challenge/response mechanism is also available.

  • 相关阅读:
    Selenium+Java自动化之如何优雅绕过验证码
    Java替换中使用正则表达式实现中间模糊匹配
    【转】Jmeter中使用CSV Data Set Config参数化不重复数据执行N遍
    【转】安全测试===如何查看浏览器保存的密码
    JMeter 中_time 函数的使用(时间戳、当前时间)
    TCP拆包粘包之分隔符解码器
    TCP粘包/拆包问题
    Netty 入门示例
    JDK AIO编程
    JDK NIO编程
  • 原文地址:https://www.cnblogs.com/zszmhd/p/1924104.html
Copyright © 2011-2022 走看看