双向 SSL 或单向 SSL 当其单向休息调用时? [英] Two-way SSL or One-way SSL when its one way rest call?
问题描述
我创建了一个调用 server-rest-api 的 client-rest-api(单向 post call).我的 client-rest-api 使用 server-rest-api 颁发的证书.但是,我的 client-rest-api 从未向 server-rest-api 颁发任何证书.它属于单向ssl还是双向ssl?
I created a client-rest-api which calls a server-rest-api (one way post call). My client-rest-api uses certificates issued by the server-rest-api. However my client-rest-api never issued any certificates to the server-rest-api. Does it come under one-way-ssl or two-way-ssl?
事件虽然只是从客户端到服务器的单向调用,但我认为它是双向 ssl,因为这里 server-rest-api 验证客户端是否拥有服务器颁发的正确证书?
Event though its just a one way call from client to server, I am thinking its two-way-ssl since here server-rest-api validates that client is having the proper certificates issued by the server?
推荐答案
单向SSL认证是如果客户端只验证服务器的证书.进行此验证是为了确保它是预期的服务器,即没有人参与中间攻击.
One-way SSL authentication is if the client only verifies the certificate of the server. This validation is done to make sure that it is the expected server, i.e. no man in the middle attack.
双向 SSL 身份验证(或更好的相互身份验证或客户端身份验证)是如果服务器还验证客户端的证书.这样做是为了使用证书针对服务器对客户端进行身份验证.
Two-way SSL authentication (or better mutual authentication or client authentication) is if the server also verifies the certificate of the client. This is done to authenticate the client against the server using a certificate.
这意味着是否涉及 REST 并不重要.谁颁发证书也无关紧要.重要的是 TLS 层的通信,即如果服务器请求客户端证书并且客户端发送它.由于从您的描述中看起来后者是这种情况,因此它是双向 SSL 身份验证.但我真的建议将其称为相互身份验证"或客户端身份验证",因为这样可以减少实际所做的混淆.
This means it does not matter if REST is involved it or not. It also does not matter who issued the certificates. All what matters is the communication at the TLS layer, i.e. if the server requests a client certificate and the client sends it. Since it looks like from your description that the latter is the case it is two-way SSL authentication. But I really recommend to call it "mutual authentication" or "client authentication" because this way it is less confusing what is actually done.
这篇关于双向 SSL 或单向 SSL 当其单向休息调用时?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
