HTTPS 标头是否加密? [英] Are HTTPS headers encrypted?

问题描述

当通过 HTTPS 发送数据时，我知道内容是加密的，但是我听到的关于标头是否加密或标头有多少被加密的答案褒贬不一.

When sending data over HTTPS, I know the content is encrypted, however I hear mixed answers about whether the headers are encrypted, or how much of the header is encrypted.

有多少 HTTPS 标头被加密了?

How much of HTTPS headers are encrypted?

包括GET/POST请求URL、Cookies等

Including GET/POST request URLs, Cookies, etc.

推荐答案

整批都是加密的^† - 所有的标题.这就是为什么 vhost 上的 SSL 效果不佳的原因 - 您需要一个专用 IP 地址，因为 Host 标头已加密.

The whole lot is encrypted^† - all the headers. That's why SSL on vhosts doesn't work too well - you need a dedicated IP address because the Host header is encrypted.

^†服务器名称标识 (SNI) 标准意味着如果您使用 TLS，主机名可能不会被加密.此外，无论您是否使用 SNI，TCP 和 IP 标头都不会加密.(如果是这样，您的数据包将无法路由.)

^†The Server Name Identification (SNI) standard means that the hostname may not be encrypted if you're using TLS. Also, whether you're using SNI or not, the TCP and IP headers are never encrypted. (If they were, your packets would not be routable.)

这篇关于HTTPS 标头是否加密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！