The Secure Sockets Layer (SSL) protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction. In short, this is how it works:
- A browser requests a secure page (usually https://).
- The web server sends its public key with its certificate.
- The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid, and that the certificate is related to the site contacted.
- The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted HTTP data.
- The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
- The web server sends back the requested HTML document and HTTP data, encrypted with the symmetric key.
- The browser decrypts the HTTP data and HTML document using the symmetric key and displays the information.
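
The key exchange and encrypted request/response described above, as an added example that is not part of the original page. It uses toy stand-ins (unpadded textbook RSA over two small constructed primes and a SHA-256 keystream) rather than real ciphers; all function names and the sample page are assumptions, and the certificate check is not modelled.

```python
# Added illustration of the exchange described above. Toy primitives only:
# unpadded textbook RSA and a SHA-256 keystream stand in for real ciphers.
import hashlib
import secrets

# Constructed server key pair built from two Mersenne primes (far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, sent with the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the server


def stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def browser_request(url: bytes):
    """Browser: pick a random symmetric key, wrap it with the server's public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return session_key, wrapped, stream_xor(session_key, b"c2s", url)


def server_reply(wrapped: int, enc_url: bytes, pages: dict):
    """Server: unwrap the key with the private key, decrypt the URL, encrypt the page."""
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    url = stream_xor(session_key, b"c2s", enc_url)
    return url, stream_xor(session_key, b"s2c", pages[url])


def run_exchange(url: bytes, pages: dict) -> dict:
    session_key, wrapped, enc_url = browser_request(url)
    seen_url, enc_page = server_reply(wrapped, enc_url, pages)
    # Browser: decrypt the response with the same symmetric key.
    page = stream_xor(session_key, b"s2c", enc_page)
    return {"wire": (wrapped, enc_url, enc_page), "server_saw": seen_url, "page": page}


if __name__ == "__main__":
    pages = {b"/account": b"<html>balance: 42</html>"}  # constructed sample content
    result = run_exchange(b"/account", pages)
    print(result["server_saw"], result["page"])
```

Only the `wire` tuple crosses the network in this sketch: the wrapped key and two ciphertexts.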
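The protocol uses a third party, a Certificate Authority (CA), to verify the identity of one or both parties to the transfer. Below is a brief description of how it works:
- The browser requests a secure page (usually one starting with https://).
- The web server returns its public key and certificate.
- The browser checks that the certificate was issued by a trusted authority (usually a trusted root CA), that the certificate is still valid, and that the certificate relates to the site being visited.
- The browser uses the public key to encrypt a random symmetric key and sends it back to the server together with the encrypted URL and other encrypted HTTP data.
- The web server uses its private key to decrypt the symmetric key, and uses that key to decrypt the URL and HTTP data that were encrypted in the browser.
- The web server uses the symmetric key to encrypt the requested HTML document and HTTP data and sends them back to the browser.
- The browser uses the symmetric key to decrypt the HTML document and HTTP data and displays them to the user.
Reference: https://www.zhihu.com/question/29620953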



