Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTTPS and Data Integrity

Tags:

https

integrity

I haven't done lot of research on HTTPS yet so I have a question about it.

Is data integrity preserved using HTTPS or only confidentiality? For example on file upload, does HTTPS guarantee that no one can change the data on upload, or it only guarantees that no one can read it?

like image 402
Nebojsa Veron Avatar asked Mar 01 '11 00:03

Nebojsa Veron

People also ask

Does https provide data integrity?

Client-server, end-to-end encryption. All the HTTP traffic between the client and the server is encrypted, preventing anyone from understanding it even if they can intercept it. Message Integrity.

What does data integrity mean?

Data integrity is the overall accuracy, completeness, and consistency of data. Data integrity also refers to the safety of data in regard to regulatory compliance — such as GDPR compliance — and security. It is maintained by a collection of processes, rules, and standards implemented during the design phase.

What is integrity in SSL?

Integrity ensures that a message sent by a client is received intact by the server, untampered. To ensure message integrity, the client hashes the message into a digest using a hash function and sends this message digest to the server. The server also hashes the message into a digest and compares the digests.

1 Answers

Short answer: Yes

Requirements:

  • The cipher suite uses a digest algorithm like SHA, SHA-2 (256 or 394) or MD5 (please avoid it !) to compute a Hash-based Message Authentication Code (HMAC). This message is then used to check data integrity for each record.

Example: TLS_RSA_WITH_AES_128_CBC_SHA256

  • The cipher suite supports Authenticated Encryption with Additional Data (AEAD) like AES-GCM (AES-CCM, AES-EAX exist but are less common) or CHACHA20-POLY1305 (recommended).

Example: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Regarding the second example, it is important to note that SHA256 is NOT the HMAC algorithm but it is used as PRF (check this answer for more details).

like image 192
ATo Avatar answered Dec 11 '22 08:12

ATo
Sign in to Comment

Related questions

Internet Explorer Warning when embedding Youtube on HTTPS site?
Apache Http Client SSL certificate error
How can I use an https proxy with node.js https/request Client?
htaccess help, need to force www, https, and remove index.php
CookieManager for multiple threads
Curl OpenSSL error 141A318A tls_process_ske_dhe:dh key too small
Will Google index a site which forces HTTPS or SSL?
HTTPS request using Net::HTTP's block form -- is it possible?
safari - NSPOSIXErrorDomain:100
PHP Curl: SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
Pointing GoDaddy DNS to GitHub page uses http over https
NodeJS - https - TypeError [ERR_INVALID_HTTP_TOKEN]: Header name must be a valid HTTP token ["Accept​"]
Redirect http requests to https in wildfly 10
https vs ssl- when to use what
How to make a page with an HTTPS iframe appear secure
RabbitMQ Management Over HTTPS and Nginx
SSL Certificate Verification fails when logging into Azure Container Registry
React Native and Https Agent

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!