see that SSL/TLS requires application changes in order to be utilized. These changes have to be made by every application that wishes to utilize SSL/TLS. In other words, SSL/TLS is not application transparent.
| Web Browser |
|
|
|
| |
|
|
|
|
| ||
| HTTP:// |
|
| Web Browser Application Code | ||
|
|
|
|
| ||
| API: Socket(…) |
|
|
|
|
|
|
|
|
|
|
|
|
TCP
IP
| Web Browser |
|
|
|
| |
|
|
|
|
| ||
| HTTPS:// |
|
| Web Browser Application Code | ||
|
|
|
|
| ||
| API: SSLSocket(…) |
|
|
|
|
|
|
|
|
|
|
|
|
SSL/TLS
TCP
IP
Figure 3 - Application Changes
Now, let’s have a closer look at HTTPS.
HTTPS Decoded
In Figure 4 – HTTP Session, we bring up a normal HTTP session with an HP MFP.
3