GET 数据是否也在 HTTPS 中加密? [英] Is GET data also encrypted in HTTPS?

问题描述

当你得到

https://encrypted.google.com/search?q=%s

%s 查询是否加密?还是只是回应?如果不是，为什么 Google 还要加密提供其公共内容?

Is the %s query encrypted? Or just the response? If it is not, why should Google serve its public content also with encryption?

推荐答案

整个请求都是加密的，包括 URL，甚至命令 (GET).代理服务器等介入方唯一能收集到的就是目标地址和端口.

The entire request is encrypted, including the URL, and even the command (GET). The only thing an intervening party such as a proxy server can glean is the destination address and port.

但是请注意，TLS 握手的 Client Hello 数据包可以通过 SNI 扩展(感谢@hafichuk)，所有现代主流浏览器都使用它，尽管有些仅适用于较新的操作系统.

Note, however, that the Client Hello packet of a TLS handshake can advertise the fully qualified domain name in plaintext via the SNI extension (thanks @hafichuk), which is used by all modern mainstream browsers, though some only on newer OSes.

(因为这只是给我一个好答案"徽章，我想我应该回答整个问题......)

(Since this just got me a "Good Answer" badge, I guess I should answer the entire question…)

整个响应也是加密的；代理无法拦截其中的任何部分.

The entire response is also encrypted; proxies cannot intercept any part of it.

Google 通过 https 提供搜索和其他内容，因为并非所有内容都是公开的，您可能还想从 MITM.无论如何，最好让 Google 自己回答.

Google serves searches and other content over https because not all of it is public, and you might also want to hide some of the public content from a MITM. In any event, it's best to let Google answer for themselves.

这篇关于GET 数据是否也在 HTTPS 中加密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！