Computer network
-
TLS protocol handshake process, how does it work
-
Client Provides the protocol version number, random number generated by the client, and encryption method supported by the client
-
The server provides the protocol version number, encryption method used by both parties, digital certificate, and random number generated by the server
-
According to the CA public key, the client verifies the digital certificate and gives the generated random number encrypted by the server public key (Premaster secret).
-
Server decrypts with server private key to obtain random number (premaster secret)
-
The client and server generate the session key according to the agreed encryption method and three random numbers previously generated, which is used to encrypt the whole process of the following conversation
-
-
The QUIC protocol used in HTTP3 is based on UDP
-
HTTP2, based on TCP
-
TCP is connection-oriented, so each connection takes some time
-
In HTTP3, udP-based is designed to improve the performance of connection-oriented Web applications currently using TCP.
-
UDP is unreliable, so we should transform it into a reliable QUIC protocol on the basis of UDP
-
Source: Why does HTTP3.0 use UDP
-
-
Is an HTTP request a thread or a process
- Each HTTP request needs to be controlled using one thread
-
Does HTTP have a limit on the number of requests in the browser, and what is its policy
- Yes, a maximum of six to eight TCP connections can be established for each domain name
-
How does HTTPS ensure data security
-
The CA certificate is used to ensure server authenticity
-
Asymmetric encryption is used to ensure the confidentiality of session key
-
Symmetric encryption is used to ensure the confidentiality of sessions
-
Digital signature is used to ensure data integrity
-
-
How does HTTP2 eliminate queue header blocking
- The TCP header is blocked. Procedure
- When a packet transfer fails and the receiver receives a packet out of order, the receiver sends a retransmission request for the missing packet (actually a confirmation packet for the packet above the missing packet).
- At this time, the sender must send the missing packet to the receiver and receive the confirmation before sending the next packet. The block caused by the retransmission makes the next packet have to wait, which is queue head block
- Queue headers are blocked in HTTP1.1
- HTTP1.1 allows multiple HTTP requests to be sent within a TCP connection, but imposes a restriction on the order in which the requests are sent. This is because there is no ordinal identification of the request and response.
- Therefore, when the first request is not responded to, subsequent responses must wait for its response. The blocking caused by this waiting time is called queue head blocking
- How does HTTP2 eliminate header blocking
- Instead of pipelining, HTTP2 introduces the concepts of frames, messages, and data streams. Each request/response is called a message, and each message is broken into several frames for transmission, each frame assigned a serial number. Each frame is transmitted as part of a data stream, while multiple streams can exist on a connection. Each frame is transmitted independently on the stream and connection and assembled into a message upon arrival, thus avoiding request/response blocking.
- But because HTTP2 uses TCP at the bottom, TCP header blocking can still occur.
- Source: What is queue head blocking and how to solve it
- The TCP header is blocked. Procedure
-
Which layer does TCP/IP belong to (OSI)
-
TCP belongs to the transport layer and is responsible for communication between applications (specify ports to distinguish different applications).
-
IP belongs to the network layer and is mainly responsible for packet forwarding of routes (specify IP address for easy selection of forwarding path).
-
-
Common HTTP headers (request headers, response headers)
- Request header:
-
User-agent: indicates the User Agent, which indicates the browser used by the User
-
Content-type: The Content Type of the body in the request, which helps the server parse the body correctly
-
Accept: Indicates the type of the response received
-
Accept-encoding: Indicates the accepted response Encoding
-
Accept-language: Indicates the accepted content Language
-
Cache-control: describes Cache Control
-
Host: indicates the requested Host
-
Connection: indicates the Connection type
-
Cookie: Cookie information
-
If-modified-since: Last-modified corresponding to the response header, used to negotiate the cache
-
If-none-match: corresponds to Etag and is used to negotiate the cache
-
Referer: refers to the url that sends the request. In order to prevent the files of the website from being directly referenced by the external network, anti-theft chain is set up.
-
Origin: indicates the source of the request, which is used for cross-domain identification
-
- Header:
-
Cache-control: describes Cache Control
-
Connection: indicates the Connection type
-
Last-modified /Etag: A summary of the Last Modified time/resource used to negotiate the cache
-
Set-cookie: sets the Cookie for the client
-
- Data: Application of HTTP request headers and response headers
- Request header:
-
TCP/IP reference model
-
TCP/IP four-tier reference model
-
The application layer is responsible for specific application protocols, such as HTTP, FTP, SMTP, DNS, and so on
-
Transport layer, which is responsible for inter-application communication protocols, such as TCP and UDP
-
The Internet layer, which is responsible for grouping forwarding protocols, such as IP, across the network
-
The network interface layer, which is responsible for the concrete signal representation (physical layer) and the routing of packets from one node to another (data link layer)
-
In the original OSI seven-layer reference model, the presentation layer and session layer between application layer and transport layer are abandoned. The data link layer is merged with the physical layer to form the network interface layer
-
-
Why does TCP require three handshakes and four waves to establish a connection
- Shake hands
- If you hold it only once, the client cannot determine whether the connection was successfully created
- If the packet is held only twice, the server will create a connection unilaterally when the packet is received after it has been in the network for some time
- Therefore, when the server sends a connection request, if the client does not agree (no ACK), the server will not establish a link
- wave
- If the server sends the packet for three times, the client may not receive the packet due to network reasons when the server closes the transmission from the server to the client (FIN). In this case, the client waits to close the packet, wasting resources on the client
- Therefore, when the server sends a FIN packet, it must wait for the client to send an ACK packet to ensure that the client closes the link successfully
- Materials: iOS: why the TCP connection will shake hands three times, four times wave wave | TCP (7) – four times
- Shake hands
-
How does the client determine whether the public key delivered by the server is not tampered with by a middleman
-
A public key certificate issued by the server, containing the public key summary encrypted by the CA private key, and the public key
-
After obtaining the public key certificate, the client uses the CA public key to decrypt the public key summary encrypted by the CA private key, and extracts the public key summary contained in the public key certificate
-
By comparing the decrypted summary with the calculated one, we can judge whether it is tampered by the middleman
-