This section describes how Chrome 40 shows a lock icon when you visit an 'https' Web site to indicate that the communication is secured with data encryption.
As I mentioned earlier in the book, Web browsers play very important roles in using HTTPS
(Hypertext Transfer Protocol Secure) to secure Web communications.
Now let's see how Chrome 40, as a major Web browser, supports HTTPS.
1. Run Chrome 40 and go to Yahoo home page at www.yahoo.com.
2. Click "Mail" in the Yahoo side menu.
3. After Chrome 40 finishing displaying the login page,
look at the left side of the URL address box. You will
see a lock icon displayed next to the address:
What happened here was:
When the link "Mail" was clicked, Chrome was redirected to use this URL: https://login.yahoo.com/?.src=ym...
Since this is an HTTPS based URL, Chrome requested for the server, login.yahoo.com, to provide the server certificate.
Chrome validated the server certificate and found no issue.
Chrome created a one-time secret key, encrypted with server's public key and delivered to the server.
Server returned the login page document encrypted with the secret key.
Chrome and the server will continue to use this secret key to encrypt any data exchanged between them.
The lock icon at the left side of the URL address indicates that this page is secured with HTTPS.
If you click the lock icon, Chrome will provide you more security related information for this page.
See next sections for more details.