GET数据是否也在HTTPS中加密？ [英] Is GET data also encrypted in HTTPS?

问题描述

获取时

https ：//encrypted.google.com/search？q =％s

％s 查询是加密的？或者只是回应？
如果不是，Google为什么还应该通过加密服务它的公共内容？

The %s query is encrypted? Or just the response? If it is not, why should Google serve it's public content also with encryption?

推荐答案

整个请求都是加密的，包括URL，甚至命令（ GET ）。代理服务器之类的干预方可以收集的唯一内容是目标地址和端口。

The entire request is encrypted, including the URL, and even the command (GET). The only thing an intervening party such as a proxy server can glean is the destination address and port.

但是，请注意，TLS握手的客户端Hello数据包可以做广告通过 SNI 扩展名以明文形式提供完全限定的域名（感谢@ hafichuk），被所有现代主流浏览器使用，但有些只在较新的操作系统上使用。

Note, however, that the Client Hello packet of a TLS handshake can advertise the fully qualified domain name in plaintext via the SNI extension (thanks @hafichuk), which is used by all modern mainstream browsers, though some only on newer OSes.

编辑：（因为这只是让我一个好答案徽章，我想我应该回答整个问题......）

(Since this just got me a "Good Answer" badge, I guess I should answer the entire question…)

整个回复也是加密的;代理不能拦截它的任何部分。

The entire response is also encrypted; proxies cannot intercept any part of it.

Google通过https提供搜索和其他内容，因为并非所有内容都是公开的，您可能还想隐藏一些公开内容来自 MITM 的内容。无论如何，最好让Google 自己回答。

Google serves searches and other content over https because not all of it is public, and you might also want to hide some of the public content from a MITM. In any event, it's best to let Google answer for themselves.

这篇关于GET数据是否也在HTTPS中加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！