数据是否在 SSL 层加密(128 位加密)?
我通过使用 java keytool 和 RSA 算法生成证书来配置 Tomcat 6 中的 SSL 机制,并且我可以使用 HTTPS 访问 URL。
现在我几乎没有疑问,
- 在客户端与服务器(浏览器到服务器或服务器到浏览器)通信时,数据是否也使用 128 位加密进行加密?
- 如果独立应用程序与服务器通信,我是否只能获得加密数据?
请澄清我的疑问。提前致谢
I configured SSL mechanism in tomcat 6 by generated certificate using java keytool with RSA algorithm and I’m able access the urls using the HTTPS.
Now I have few doubts
- While communicating client with server (browser to server or server to browser), is Data also encrypted using 128 bit encryption?
- If stand alone application is communicating with server do I get encrypted data only?
Please clarify my doubts. Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
是的,一旦协商了 SSL 连接(这是发生的第一件事),所有数据(客户端和服务器)都会加密。
通过 SSL 安全通道进行通信的任何应用程序都将对其所有数据进行加密,并且(由于证书签名)它将相对有信心与它认为应该与之通信的参与者进行通信(即,它将受到保护)针对 MITM 攻击)。
Yes, once the SSL connection has been negotiated (which is the first thing that happens), all data (client and server) is encrypted.
Any application communicating over an SSL-secured channel will have all its data encrypted and (because of certificate signing) it will be relatively confident that it's speaking with the actor it thinks it should be speaking with (ie, it will have protection against MITM attacks).
如果您使用启用 SSL 的客户端(无论是浏览器、libcurl 还是其他设备)连接到您为 SSL 配置的任何端口,您的整个通信路径都将被加密。如果您尝试将不支持 SSL 的客户端连接到 HTTPS 侦听器,您将收到如下所示的
Bad Request错误消息:如果您确实担心,请尝试使用类似 Wireshark 查看客户端和服务器之间的通信情况。
If you're connecting with an SSL-enabled client (whether that's a browser,
libcurl, or something else) to whatever port you have configured for SSL, your entire communication path will be encrypted. If you try to connect with a non-SSL-enabled client to an HTTPS listener, you'll get aBad Requesterror message like this:If you're really concerned, try using something like Wireshark to view the communication between client and server.