By watching Computerphile YouTube videos, I know that today's browsers perform a TLS Handshake with every HTTPS website they display for me on my PC. For this question, let us assume the request is pointed at my server, running an Express API, protected by a valid SSL certificate. Will a TLS Handshake be performed even when I send a POST request with the help of:
- Requests module in Python, a simple POST request to my server from a Python script.
- NodeJS (Express.JS), a simple POST request (containing username and password) from a HTML webpage to my server.
- From a mobile app programmed in MIT App Inventor 2, which gives me an option of making a POST request.
... and not a browser? I am asking this question in regards to an app I am programming, wherein the user has to identify himself with a key and a password, and I want the information (log-in and else) to be securely conveyed to my VPS.
CodePudding user response:
HTTPS means HTTP inside TLS. This means accessing a https://
URL always requires also TLS and thus a TLS handshake. It does not matter if the client is a browser, Python code, NodeJS or whatever. It does not matter if it is GET or POST request either.