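HTTPS handshake (verify certificate -> exchange keys): the certificate protects against forgery (signature verification), tampering (signature verification), substitution (domain name verification), and impersonation (an impostor cannot decrypt the key)
HTTPS communication: protects against eavesdropping (symmetric encryption), tampering (signature), and replay (sequence number)
Mutual (two-way) authentication in HTTPS
Server authentication: verify the server certificate (certificate chain) + verify the private key (key negotiation)
Client authentication: verify the client certificate (certificate chain) + verify the private key (verify the client's signature)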


To prevent message replay or modification attacks, the MAC is computed from the MAC secret, the sequence number, the message length, the message contents, and two fixed character strings.
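
An added example (not from the original notes) of the record MAC described above: a nested SHA-1 hash over the MAC secret, two fixed pad strings, the sequence number, the message length, and the contents, with an implicit counter on each side so that a replayed or modified record fails verification. The pad values and layout follow SSL 3.0's record MAC as an assumption, since the notes do not name a protocol version, and only the inputs listed above are covered; all class and function names are hypothetical.

```python
import hashlib
import hmac
import struct

PAD_1 = b"\x36" * 40  # first fixed string (SSL 3.0 value for SHA-1; assumed)
PAD_2 = b"\x5c" * 40  # second fixed string

def record_mac(secret: bytes, seq: int, content: bytes) -> bytes:
    """Nested hash over secret, pad, 64-bit sequence number, 16-bit length, content."""
    header = struct.pack("!QH", seq, len(content))
    inner = hashlib.sha1(secret + PAD_1 + header + content).digest()
    return hashlib.sha1(secret + PAD_2 + inner).digest()

class Sender:
    def __init__(self, secret: bytes):
        self.secret, self.seq = secret, 0

    def seal(self, content: bytes) -> bytes:
        mac = record_mac(self.secret, self.seq, content)
        self.seq += 1          # the counter is never sent on the wire
        return content + mac

class Receiver:
    def __init__(self, secret: bytes):
        self.secret, self.seq = secret, 0

    def open(self, record: bytes) -> bytes:
        content, mac = record[:-20], record[-20:]
        expected = record_mac(self.secret, self.seq, content)
        if not hmac.compare_digest(mac, expected):   # constant-time compare
            raise ValueError("bad record MAC")
        self.seq += 1          # advance only after a valid record
        return content

def demo() -> dict:
    secret = b"constructed-mac-secret"          # constructed sample value
    tx, rx = Sender(secret), Receiver(secret)
    r0, r1 = tx.seal(b"transfer 100 to alice"), tx.seal(b"logout")
    out = {"first": rx.open(r0)}
    tampered = bytes([r1[0] ^ 1]) + r1[1:]      # flip one bit of the content
    for name, rec in (("replay", r0), ("tampered", tampered)):
        try:
            rx.open(rec)
            out[name] = "accepted"
        except ValueError:
            out[name] = "rejected"
    out["second"] = rx.open(r1)                 # the genuine next record still verifies
    return out

if __name__ == "__main__":
    print(demo())
```

The replayed record is rejected because the receiver recomputes the MAC with its own counter value rather than one supplied by the sender. A real implementation treats a bad MAC as fatal to the connection instead of continuing as this demo does.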