通过https发送数据时是否需要验证校验和 [英] Is it necessary to verify checksum when data is sent over https

问题描述

我正在使用HTTPS上的其余Web服务.Web服务的提供者正在发送通过HTTPS发送的数据的校验和.由于通过ssl发送的数据已经被加密，并且如果接收到错误数据，解密将失败.那么有必要验证数据的校验和吗?

I am consuming the rest web service which is on HTTPS. Provider of the web service is sending checksum of the data sent over HTTPS. As the data sent over ssl is already encrypted and if the erroneous data is received, decryption will fail. So is it necessary to verify the checksum of the data?

推荐答案

这是必需的.TLS仅保证写入发送套接字的字节与接收套接字中接收的字节相同.

It is necessary. TLS only guarantees the bytes written to the sending socket are the same bytes received in the receiving socket.

但是，如果在写入发送套接字之前数据已经损坏，或者在从套接字读取数据到尝试使用数据之间，接收方以某种方式损坏了数据，该怎么办?在这种情况下，接收应用程序有责任检查校验和，以确保接收到的数据是预期的数据.

But what if the data is already corrupted before writing to the sending socket or the data is somehow corrupted by the receiver between the time of reading the data from the socket and you are trying to use the data? In this case, it is the receiving application's responsibility to check the checksum to guarantee the data received is the data expected.

就HTTP而言，校验和还可以用于检测线路上的数据损坏，但是在HTTPS的情况下，TLS涵盖了此功能.我认为这是造成混乱的原因，也是您提出这个问题的原因.

In term of HTTP, the checksum could also serve the purpose of detecting the data corruption over the wire, but this functionality is covered by TLS in case of HTTPS. I think this the source of confusion and the reason why you asked this question.

这篇关于通过https发送数据时是否需要验证校验和的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！