I am consuming a REST web service which is on HTTPS. The provider of the web service is sending a checksum of the data sent over HTTPS. As the data sent over SSL is already encrypted, if erroneous data is received, decryption will fail. So is it necessary to verify the checksum of the data?
It is necessary. TLS only guarantees the bytes written to the sending socket are the same bytes received in the receiving socket.
But what if the data is already corrupted before writing to the sending socket, or the data is somehow corrupted by the receiver between the time of reading the data from the socket and the time you try to use it? In this case, it is the receiving application's responsibility to check the checksum to guarantee the data received is the data expected.
In terms of HTTP, the checksum could also serve the purpose of detecting data corruption over the wire, but this functionality is covered by TLS in the case of HTTPS. I think this is the source of confusion and the reason why you asked this question.
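The application-level check this answer describes, as an added example that is not part of the original answer. It assumes the provider's checksum is a hex-encoded SHA-256 digest of the response body (the page does not say which algorithm is used); verify_checksum, is_intact and the sample data are hypothetical names constructed here.

```python
import hashlib
import re

_SHA256_HEX = re.compile(r"[0-9a-f]{64}")


class ChecksumMismatch(ValueError):
    """The payload does not match the checksum the provider sent with it."""


def verify_checksum(body: bytes, advertised: str) -> bytes:
    """Return body unchanged if its SHA-256 matches the advertised hex digest."""
    expected = advertised.strip().lower()
    if not _SHA256_HEX.fullmatch(expected):
        # A malformed checksum is a protocol error, not evidence of corruption.
        raise ValueError("advertised checksum is not a SHA-256 hex digest")
    actual = hashlib.sha256(body).hexdigest()
    if actual != expected:
        raise ChecksumMismatch(f"expected {expected}, computed {actual}")
    return body


def is_intact(body: bytes, advertised: str) -> bool:
    """Boolean wrapper for callers that branch instead of catching."""
    try:
        verify_checksum(body, advertised)
        return True
    except ChecksumMismatch:
        return False


# Constructed sample data; the provider hashes the record it intends to send.
ORIGINAL = b'{"account": "12345", "amount": "100.00"}'
ADVERTISED = hashlib.sha256(ORIGINAL).hexdigest()

# Corrupted before the write to the sending socket: TLS delivers these bytes
# faithfully, so decryption succeeds and only the checksum reveals the damage.
SENDER_SIDE = ORIGINAL.replace(b"100.00", b"100.0\x00")

# Corrupted by the receiver after the socket read, e.g. a truncated buffer.
RECEIVER_SIDE = ORIGINAL[:-5]

if __name__ == "__main__":
    for name, body in [("intact", ORIGINAL),
                       ("sender-side corruption", SENDER_SIDE),
                       ("receiver-side corruption", RECEIVER_SIDE)]:
        print(f"{name}: {'ok' if is_intact(body, ADVERTISED) else 'REJECTED'}")
```

Call verify_checksum as late as possible, on the exact bytes about to be parsed or stored, so corruption introduced after the socket read is also covered.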