What Exactly Is TLS/SSL Encrypted Communication? A Quick Walkthrough (with Code Examples)
Contents
1. Protocol Overview
1.1 Basic Concepts
- TLS (Transport Layer Security): the transport-layer security protocol
- SSL (Secure Sockets Layer): the predecessor of TLS (deprecated)
- Provides:
  - Identity authentication (server and, optionally, client)
  - Encryption of the communication
  - Data integrity protection
1.2 Position in the Protocol Stack
Application layer (HTTP/FTP/SMTP...)
└─ TLS/SSL
   └─ TCP
      └─ IP
1.3 Version Evolution
2. Handshake Flow in Detail
2.1 Full Handshake (TLS 1.2)
Sequence diagram: Client ↔ Server, TLS handshake phase
- Client → Server: ClientHello (supported cipher suites, random number, etc.)
- Server → Client: ServerHello (selected cipher suite, random number) + Server Certificate
- Server → Client (optional): ServerKeyExchange (e.g. DH parameters)
- Server → Client: ServerHelloDone
- Client → Server: ClientKeyExchange (pre-master secret, encrypted for transport)
- Client → Server: ChangeCipherSpec (switch to encrypted communication)
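The first message in the diagram, ClientHello, carries exactly the two fields the diagram names: the client random and the list of offered cipher suites. The following example (added here; it is not code from the original article) builds a minimal TLS 1.2 ClientHello record from constructed values and parses it back, then checks whether every offered suite uses (EC)DHE key exchange, i.e. the case in which the server must send the optional ServerKeyExchange and the session gains forward secrecy. The cipher-suite table is a small assumed subset of the IANA registry, not the full list.

```python
import struct

# Constructed cipher-suite table for the demo (IANA code points; not a full registry)
CIPHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
TLS12 = b"\x03\x03"  # ProtocolVersion for TLS 1.2

def build_client_hello(client_random, suites):
    """Build a minimal TLS 1.2 ClientHello inside a Handshake record (no extensions)."""
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    body = TLS12 + client_random + b"\x00"                 # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                     # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16" + TLS12 + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)

def parse_client_hello(record):
    """Parse the record/handshake headers and the ClientHello fields named in the diagram."""
    content_type, _vmaj, _vmin, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 22 or rec_len != len(record) - 5:
        raise ValueError("not a well-formed TLS handshake record")
    hs = record[5:]
    if hs[0] != 1 or int.from_bytes(hs[1:4], "big") != len(hs) - 4:
        raise ValueError("not a ClientHello")
    body = hs[4:]
    pos = 35 + body[34]                                     # skip version(2)+random(32)+session_id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ids = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    names = [CIPHER_SUITES.get(i, "unknown_0x%04X" % i) for i in ids]
    # Defender check: plain RSA key exchange (no ServerKeyExchange / DH) has no forward secrecy
    fs_only = all(n.startswith(("TLS_ECDHE_", "TLS_DHE_")) for n in names)
    return {
        "version": (body[0], body[1]),
        "client_random": body[2:34],
        "cipher_suites": names,
        "forward_secrecy_only": fs_only,
    }

if __name__ == "__main__":
    # Constructed sample: a deterministic "random" so the output is reproducible
    hello = build_client_hello(bytes(range(32)), [0xC02F, 0x002F])
    print(parse_client_hello(hello))
```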