
Is it necessary to verify checksum when data is sent over https

I am consuming a REST web service which is on HTTPS. The provider of the web service is sending a checksum of the data sent over HTTPS. As the data sent over SSL is already encrypted, if erroneous data is received, decryption will fail. So is it necessary to verify the checksum of the data?

hnm asked Jan 05 '16 11:01


1 Answer

It is necessary. TLS only guarantees the bytes written to the sending socket are the same bytes received in the receiving socket.

But what if the data is already corrupted before it is written to the sending socket, or the data is somehow corrupted by the receiver between the time of reading the data from the socket and the time you try to use the data? In this case, it is the receiving application's responsibility to check the checksum to guarantee the data received is the data expected.

In terms of HTTP, the checksum could also serve the purpose of detecting data corruption over the wire, but this functionality is covered by TLS in the case of HTTPS. I think this is the source of confusion and the reason why you asked this question.

chyz198 answered Oct 11 '22 02:10
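An added example (not part of the original answer) of the receiver-side check the answer describes: hash the raw body bytes exactly as read from the socket, compare against the provider's checksum, and parse only on a match. The SHA-256 hex format, the function names and the sample payload are assumptions; the page does not say which algorithm or field the provider uses.

```python
import hashlib
import hmac
import json


class ChecksumMismatch(Exception):
    """Raised when the received body does not match the provider's checksum."""


def verify_and_parse(body_chunks, expected_hex, algorithm="sha256"):
    """Hash the raw body as received, compare, and parse only if it matches.

    body_chunks: iterable of bytes (e.g. a streamed HTTPS response body).
    expected_hex: checksum string supplied by the provider (assumed hex).
    """
    digest = hashlib.new(algorithm)
    raw = bytearray()
    for chunk in body_chunks:
        digest.update(chunk)   # hash the bytes before any decoding or parsing
        raw.extend(chunk)
    actual = digest.hexdigest()
    if not hmac.compare_digest(actual, expected_hex.strip().lower()):
        raise ChecksumMismatch(f"expected {expected_hex}, got {actual}")
    return json.loads(raw)


if __name__ == "__main__":
    # Constructed sample: the provider computes the checksum over the
    # bytes it intends to send.
    intended = b'{"account": "A-1", "amount": 100}'
    checksum = hashlib.sha256(intended).hexdigest()

    # Case 1: intact body, split into chunks as a streamed read would be.
    print(verify_and_parse([intended[:10], intended[10:]], checksum))

    # Case 2: the body was corrupted before it reached the sending socket.
    # TLS delivers these bytes faithfully, and they are still valid JSON,
    # so only the checksum comparison reveals the problem.
    corrupted = intended.replace(b"100", b"900")
    try:
        verify_and_parse([corrupted], checksum)
    except ChecksumMismatch as exc:
        print("rejected:", exc)
```

A bare hash like this detects accidental corruption only; it does not authenticate who produced the data.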