Updated: 2017-04-13 18:52:38 CST +08

HTTPS

Workflow

note right of browser: SSL Handshake Step
browser->server: send https request, include protocol version, support cipher suites, client random number
server->browser: decided cipher suite, send ssl certificate included encrypted public key, server random number
note left of server:public key encrypted by CA's private key
browser->Certificate Authority: validate certificate
Certificate Authority->browser: certificate accepted
browser->browser: decrypt server's encrypted public key by CA's public key
note right of browser: CA's public keys are stored in OS as default setting
browser->browser: generate premaster secret key
browser->browser: encrypt premaster secret key by server's public key
browser->server: send client's encrypted secret key
server->server: decrypt client's encrypted secret key by server's private key
server->server: generated session key
browser->browser: generated session key
note right of browser: session key generated by premaster secret, client random, server random

note right of browser: Data Transfer Step
browser->server: send session id
server->server: check session id exist
server->browser: session id exist, use exist session key
note right of browser: if session id not exist, do ssl handshake to generate session key
browser->browser: encrypted request by session key
browser->server: send request
server->server: decrypted request by session key
server->server: process request
server->server: encrypted response by session key
server->browser: send response
browser->browser: decrypted response by session key

Reference