\uae30\ubcf8\uc801\uc73c\ub85c HTTP \ud504\ub85c\ud1a0\ucf5c\uc740 \ud3c9\ubb38(plain text)\uc73c\ub85c \ub370\uc774\ud130\ub97c \uc8fc\uace0 \ubc1b\uace0,<\/p>\n\n\n\n
\uc774\ub294 \ub85c\uadf8\uc778 \uc815\ubcf4, \uc138\uc158 \ucfe0\ud0a4, API \uc751\ub2f5 \ub4f1 \ubaa8\ub4e0 \ud1b5\uc2e0 \ub0b4\uc6a9\uc774 \ub178\ucd9c\ub420 \uc218 \uc788\ub294 \uc704\ud5d8\uc744 \ub0b4\ud3ec\ud55c\ub2e4.<\/p>\n\n\n\n
\uc774\ub7f0 HTTP\uc758 \ud55c\uacc4\ub97c \uc774\uc6a9\ud55c \ub300\ud45c\uc801\uc778 \uacf5\uaca9\uc73c\ub85c\ub294<\/p>\n\n\n\n
\uc911\uac04\uc790 \uacf5\uaca9(MITM, Man-in-the-Middle)\uc774 \uc788\uc73c\uba70, \uacf5\uaca9\uc790\ub294 \uc774 \uacf5\uaca9\uc744 \ud1b5\ud574 \uc0ac\uc6a9\uc790\uc758 \ub124\ud2b8\uc6cc\ud06c<\/p>\n\n\n\n
\ud2b8\ub798\ud53d\uc744 \uac00\ub85c\ucc44\uace0 \ub0b4\uc6a9\uc744 \uc5f4\ub78c\ud558\uac70\ub098 \uc218\uc815\ud560 \uc218 \uc788\ub2e4. (e.g. \uce74\ud398 \uc640\uc774\ud30c\uc774\uc5d0\uc11c \ube44\ubc00\ubc88\ud638 \uc720\ucd9c)<\/p>\n\n\n\n
\uc774\ub97c \ud574\uacb0\ud558\uae30 \uc704\ud574, \ud3c9\ubb38\uc758 \ub370\uc774\ud130\ub97c \uc804\uc1a1, \uc989 \uc8fc\uace0 \ubc1b\uc744 \ub54c<\/p>\n\n\n\n
\uc774 \uc804\uc1a1 \uad6c\uac04\uc744 \uc554\ud638\ud654(Encryption)<\/strong> \ud558\ub294 \uac83\uc744 \ub3c4\uc785\ud558\uace0\uc790 \ud588\ub2e4.<\/p>\n\n\n\n \uc774 \uc554\ud638\ud654\ub97c \uc218\ud589\ud558\ub294 \uae30\uc220\uc744 TLS(Transport Layer Security)<\/strong> \ub77c \ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n \uc6f9 \ud1b5\uc2e0\uc744 \uc554\ud638\ud654\ud558\uae30 \uc704\ud55c \ud45c\uc900 \ud504\ub85c\ud1a0\ucf5c,<\/p>\n\n\n\n \uc774\uc804\uc5d0\ub294 SSL(Secure Sockets Layer)\uc774\ub77c \ubd88\ub838\uc9c0\ub9cc, \uc5ec\ub7ec \ubcf4\uc548 \uacb0\ud568\uc774 \ubc1c\uacac\ub418\uc5c8\ub2e4.<\/p>\n\n\n\n \uc5ec\ub7ec \ubcf4\uc548 \uacb0\ud568\ub4e4\uc744 \ud574\uacb0\ud558\uace0 \ucd94\uac00\uc801\uc778 \ubcf4\uc548 \uae30\ub2a5\uc744 \uc81c\uacf5\ud558\ub3c4\ub85d \uac1c\uc120\ub41c \uac83\uc774 TLS(\ubc84\uc804 \uc5c5\uadf8\ub808\uc774\ub4dc).<\/p>\n\n\n\n TLS\ub294 \ud1b5\uc2e0 \uacfc\uc815\uc5d0\uc11c \ub2e4\uc74c \uc138 \uac00\uc9c0\ub97c \ubcf4\uc7a5\ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n TLS\ub294 \uc2e4\uc81c \ub370\uc774\ud130 \uc804\uc1a1 \uc804\uc5d0 \uc554\ud638\ud654\ub41c \uc5f0\uacb0\uc744 \uc218\ub9bd(handshake)\ud55c\ub2e4.<\/p>\n\n\n\n \ube0c\ub77c\uc6b0\uc800(\ud074\ub77c\uc774\uc5b8\ud2b8)\uac00 \uc11c\ubc84\uc5d0 TLS\ub97c \uc0ac\uc6a9\ud558\uace0 \uc2f6\uc740 \uc758\uc0ac\uc640 \uac00\ub2a5\ud55c \uc554\ud638\ud654 \uc54c\uace0\ub9ac\uc998\uc744 \uc81c\uc548\ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n \uc11c\ubc84\uac00 \uc554\ud638\ud654 \uc54c\uace0\ub9ac\uc998\uc744 \uc120\ud0dd, \uacf5\uac1c\ud0a4\uac00 \ub2f4\uae34 SSL \uc778\uc99d\uc11c\ub97c \uc804\ub2ec\ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n \ube0c\ub77c\uc6b0\uc800\ub294 \uc774 \uc778\uc99d\uc11c\uac00 \uc2e0\ub8b0\ud560 \uc218 \uc788\ub294 \uae30\uad00(CA, Certificate Authority)\uc5d0\uc11c \ubc1c\uae09\ub41c \uac83\uc778\uc9c0 \uac80\uc99d,<\/p>\n\n\n\n \uc778\uc99d\uc11c\uc5d0 \ud3ec\ud568\ub41c \ub3c4\uba54\uc778, \ub9cc\ub8cc\uc77c, \uc11c\uba85 \uc815\ubcf4 \ub4f1\uc744 \uac80\uc0ac\ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n \ube0c\ub77c\uc6b0\uc800\uc640 \uc11c\ubc84\ub294 \uacf5\uac1c\ud0a4 \uc554\ud638\ud654\ub97c \ud1b5\ud574 \uc138\uc158 \ud0a4\ub97c \uad50\ud658,<\/p>\n\n\n\n \uc774\ud6c4 \ub370\uc774\ud130\ub294 \uc774 \uc138\uc158 \ud0a4\ub85c \ub300\uce6d \uc554\ud638\ud654\ub418\uc5b4 \ud1b5\uc2e0\ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n HTTPS = HTTP + TLS<\/p>\n\n\n\n HTTP\uc758 \ub0b4\uc6a9(\uc694\uccad \uba54\uc11c\ub4dc, \ud5e4\ub354, \ubc14\ub514 \ub4f1)\uc740 \uadf8\ub300\ub85c, \u2018\uc804\uc1a1\ud558\ub294 \uacfc\uc815\u2019\ub9cc \uc554\ud638\ud654\ud55c\ub2e4.<\/p>\n\n\n\n <\/p>\n\n\n\n HTTPS\ub97c \uc801\uc6a9\ud588\ub2e4\uace0 \uc644\uc804\ud788 \uc548\uc804\ud55c \uac83\uc740 \uc544\ub2c8\ub2e4.<\/p>\n\n\n\n \ucd5c\ucd08 \uc811\uc18d\uc774 HTTP\ub85c \uc774\ub8e8\uc5b4\uc9c0\ub294 \uc0c1\ud669\uc744 \uc0dd\uac01\ud574\ubcf4\uc790.<\/p>\n\n\n\n e.g.<\/p>\n\n\n\nTLS?<\/h2>\n\n\n\n
\n
TLS \ud578\ub4dc\uc170\uc774\ud06c \uacfc\uc815<\/h2>\n\n\n\n
<\/h3>\n\n\n\n
Client Hello<\/h3>\n\n\n\n
Server Hello<\/h3>\n\n\n\n
\uc778\uc99d\uc11c \uac80\uc99d<\/h3>\n\n\n\n
\ube44\ubc00\ud0a4 \uad50\ud658<\/h3>\n\n\n\n
HTTPS\ub294 TLS \uc704\uc758 HTTP<\/h2>\n\n\n\n
HTTPS\uc758 \ud6a8\uacfc<\/h3>\n\n\n\n
\n
HSTS(HTTP Strict Transport Security)<\/h2>\n\n\n\n