英文:
Can we make HTTPS connection without SSL certificate?
问题
我与我的同事讨论过是否可以在不使用SSL证书的情况下建立HTTPS连接。我对此感到很困惑。有人能解释一下吗?
英文:
I've some discussion with my colleague whether we can make HTTPS connection without using SSL certificate. I'm quite confused about this. Can anyone explain this?
答案1
得分: 1
这里是翻译好的内容:
"无SSL不可能进行HTTPS连接。它的工作方式很复杂,正如评论中提到的,这里有一个很好的答案链接。
但总结为什么“不可能”:
HTTPS“需要”SSL证书,你可以把SSL看作是“HTTPS”中的“S”,因为安全连接是通过证书建立的。客户端发送请求给服务器,它们进行安全握手(这需要证书来创建和验证密钥),然后继续正常业务。
如果尝试绕过这种行为,任何浏览器都会抛出一百万个错误。在某些情况下(如果你有控制权),你可以欺骗自己的服务器,让它相信数据是以HTTPS方式而不是HTTP方式传输的,但你无法愚弄浏览器。"
英文:
It's not possible to do HTTPS connections without SSL. The way it works is complicated and as mentioned in the comments there is a great answer here.
But to summarize the reason why it's not possible:
HTTPS needs an SSL certificate, you can think of SSL as the S in HTTPS, since the secure connection is made using the certificate. A client sends a request to a server, they do a secure handshake (which requires the certificate in order to create and verify the keys) and then proceed to business as usual.
Any browser will throw a million red flaws if you try to circumvent this behavior. You could trick your own server to believe data is coming as HTTPS rather than HTTP in some cases (if you have control over it), but you won't be able to fool browsers.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论