HTTP and HTTPS

Describe a complete HTTP request process

Type the URL ————> DNS resolves the domain name to an IP address ————> packets are forwarded hop by hop through intermediate routers ————> the client reaches the server at that IP address ————> TCP three-way handshake, then the HTTP request and response ————> TCP four-way close ends the communication

Client:

  1. Type the URL in the browser.
  2. The browser parses the URL (scheme, host, port, path) and generates an HTTP request message.
  3. The browser calls the system resolver, which queries a DNS server for the IP address that corresponds to the domain name (after checking the local cache and hosts file).
  4. Once the IP address is known, it is handed together with the request message to the TCP module of the operating system's protocol stack.
  5. TCP splits the data into segments and adds a TCP header to each one.
  6. The TCP header contains the source port, destination port, sequence number and ACK number.
  7. Each TCP segment is then passed to the IP module.
  8. The IP module adds an IP header; the data link layer then adds a MAC (Ethernet) header in front of it.
  9. The IP header carries the source and destination IP addresses and is used by the IP layer (routers) to forward the packet end to end. The MAC header carries the next-hop MAC address and is used by the data link layer on the local network segment only.
  10. The IP module hands the complete packet to the network hardware, that is, the data link layer: Ethernet, Wi-Fi, etc.
  11. The network adapter converts the packets into electrical or optical signals and sends them out over the cable or fibre; routers and other forwarding devices relay them to the receiver.

Server side:

  1. The signal arrives at the server's data link layer (e.g. Ethernet), where the network adapter converts it back into a digital packet and passes it to the IP module.
  2. The IP module strips the MAC and IP headers and hands what follows, the TCP segment, to the TCP module.
  3. The TCP module parses the TCP header and sends an ACK back to the client confirming that the segment was received.
  4. After all segments have arrived, the TCP module reassembles them in sequence-number order into the original data and delivers it to the application layer, that is, the HTTP server.
  5. The HTTP server parses the request, builds a response (for example HTML data) and returns it over the same path; the browser then parses the HTML and renders the page.
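The client side of the process above at the socket level, as an added example that is not part of the original page: it parses the URL, resolves the host with the system resolver, lets the OS perform the TCP handshake in connect(), writes a hand-built HTTP/1.1 request and parses the response. The server it talks to is a throw-away http.server on 127.0.0.1 started only for the demo; the response body, the handler and the helper names (build_request, parse_response, fetch, demo) are the example's own assumptions.

```python
"""Added example (not the original page's code): the client side of the HTTP
request process at the socket level, against a throw-away loopback server."""
from __future__ import annotations

import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


def build_request(url: str) -> tuple[str, int, bytes]:
    """Step 2: parse the URL and build the request message (assumed layout)."""
    u = urlsplit(url)
    host, port = u.hostname, u.port or 80
    path = (u.path or "/") + (f"?{u.query}" if u.query else "")
    host_hdr = host if port == 80 else f"{host}:{port}"
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host_hdr}\r\n"
        "User-Agent: example-client/0.1\r\n"
        "Connection: close\r\n"      # ask the server to close after one response
        "\r\n"
    ).encode()
    return host, port, request


def parse_response(raw: bytes) -> tuple[int, dict[str, str], bytes]:
    """Split status line, headers and body; body length from Content-Length."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    code = int(status_line.split(" ", 2)[1])          # "HTTP/1.1 200 OK" -> 200
    headers: dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(rest)))
    return code, headers, rest[:length]


def fetch(url: str) -> tuple[int, dict[str, str], bytes]:
    """Steps 3-11 on the client, then the server's answer."""
    host, port, request = build_request(url)
    # Step 3: the system resolver (DNS, cache or hosts file) turns the name into an IP.
    ip = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    # Steps 4-11: connect() makes the OS do the three-way handshake; sendall()
    # hands the bytes to TCP, which segments them and adds TCP/IP/MAC headers.
    with socket.create_connection((ip, port), timeout=5) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:          # b"" = the server's FIN: the response is complete
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


class _DemoHandler(BaseHTTPRequestHandler):
    """Minimal loopback server so the example runs offline (constructed data)."""
    BODY = b"<html><body>hello</body></html>"

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(self.BODY)))
        self.end_headers()
        self.wfile.write(self.BODY)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo() -> tuple[int, dict[str, str], bytes]:
    """Run the full round trip against the loopback server on a random port."""
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fetch(f"http://127.0.0.1:{server.server_address[1]}/index.html?x=1")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, hdrs, body = demo()
    print(status, hdrs.get("content-type"), body)
```

The demo server speaks HTTP/1.0 and closes the connection after one response, which is exactly the "Connection: close" behaviour the client asks for; reading until recv() returns b"" is the application-level view of the server's FIN.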

Briefly describe the three-way handshake and the four-way close

Three-way handshake:

  1. The client sends SYN with a random initial sequence number, seq = 100.
  2. The server replies SYN+ACK with its own random initial sequence number, seq = 200, and ack = 100 + 1.
  3. The client replies ACK with ack = 200 + 1.

Four-way close (client initiates):

  1. The client sends FIN, seq = 100.
  2. The server sends ACK, ack = 100 + 1.
  3. The server sends FIN, seq = 200.
  4. The client sends ACK, ack = 200 + 1.

The server's ACK and FIN are two separate segments because the server may still be busy with the current task and have data left to send: it acknowledges the client's FIN at once, but sends its own FIN only after it has finished.

Why three handshakes instead of two or four?

To prevent a stale, delayed connection request from reaching the server and opening a connection nobody wants.

With two: after sending SYN+ACK the server cannot know whether it reached the client, yet it already treats the connection as established. Suppose the client's first SYN is delayed in the network: the client times out, thinks the server is not responding and resends. When the old SYN finally arrives, the server opens a second connection for it that the client will never use, wasting server resources.

TCP is reliable in both directions, so each side generates an initial sequence number that the other side must acknowledge. With only two segments the client's sequence number is confirmed but the server's is not: the client-to-server direction would be reliable and the server-to-client direction would not.

Four adds a round trip without adding any guarantee: the server's SYN and its ACK of the client's SYN are simply combined into one segment.

Why does the handshake take three segments but the close four?

Because the side that receives a FIN may still have data to send. It acknowledges the FIN immediately (the ACK cannot wait), but it sends its own FIN only after the application has finished processing and closed its side. The ACK and the FIN therefore cannot be merged the way SYN and ACK are in the handshake, which makes four segments.

Can a handshake segment carry data?

The third segment (the client's ACK) can carry data: at that point the client already considers the connection established, so it can send its request parameters immediately. The first two segments (SYN and SYN+ACK) cannot. If the server accepted payload before the handshake completed, an attacker could send a flood of SYNs with large payloads and force the server to allocate memory for connections that never complete, a denial-of-service risk.

Why does the TIME_WAIT state have to wait 2MSL before switching to CLOSED?

  1. To make sure the final ACK reaches the server. The last ACK the client sends may be lost; if it is, the server's retransmission timer fires and it resends its FIN. The client, still in TIME_WAIT, receives the FIN, resends the ACK and restarts the 2MSL timer. If no retransmitted FIN arrives within 2MSL (one MSL for the ACK to reach the server plus one for a retransmitted FIN to come back), the ACK is assumed to have arrived and the client moves to CLOSED.
  2. To let every stale segment from this connection expire before a new connection can reuse the same source/destination addresses and ports, so that a delayed segment from the old connection is not accepted as part of the new one.
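The handshake, close and TIME_WAIT rules above as a small bookkeeping model, added here and not part of the original page: it tracks only states and sequence/ack numbers, sends nothing, and uses an assumed MSL constant (real stacks choose their own; Linux waits 60 s in total). It also shows a request riding on the third handshake segment and what happens when the last ACK of the close is lost. Names such as Endpoint, Segment, handshake, close and tick are the example's own.

```python
"""Added example (not the original page's code): a bookkeeping model of the
three-way handshake, the four-way close and TIME_WAIT. Only states and
sequence/ack numbers are tracked; nothing is sent."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

MSL = 30.0   # assumed maximum segment lifetime in seconds (stacks pick their own)


@dataclass
class Segment:
    sender: str
    flags: str
    seq: int
    ack: Optional[int] = None
    payload: bytes = b""


@dataclass
class Endpoint:
    name: str
    isn: int                    # random initial sequence number
    state: str = "CLOSED"
    snd_nxt: int = 0            # next sequence number this side will send
    rcv_nxt: int = 0            # next sequence number expected from the peer
    time_wait_left: float = 0.0


def handshake(c: Endpoint, s: Endpoint, early_data: bytes = b"") -> list[Segment]:
    """SYN, SYN+ACK, ACK. A SYN occupies one sequence number, hence ack = seq + 1.
    Only the third segment may carry data: by then the client has seen the
    server's reply, so both initial sequence numbers are confirmed."""
    c.snd_nxt, c.state = c.isn, "SYN_SENT"
    syn = Segment(c.name, "SYN", seq=c.snd_nxt)
    c.snd_nxt += 1

    s.rcv_nxt, s.snd_nxt, s.state = syn.seq + 1, s.isn, "SYN_RCVD"
    synack = Segment(s.name, "SYN+ACK", seq=s.snd_nxt, ack=s.rcv_nxt)
    s.snd_nxt += 1

    c.rcv_nxt, c.state = synack.seq + 1, "ESTABLISHED"
    ack = Segment(c.name, "ACK", seq=c.snd_nxt, ack=c.rcv_nxt, payload=early_data)
    c.snd_nxt += len(early_data)

    s.rcv_nxt += len(early_data)          # the data riding on the ACK is accepted
    s.state = "ESTABLISHED"
    return [syn, synack, ack]


def close(c: Endpoint, s: Endpoint, last_ack_lost: bool = False) -> list[Segment]:
    """Client-initiated close. The server ACKs the FIN at once but sends its own
    FIN only when it has nothing left to send, so ACK and FIN stay separate.
    With last_ack_lost=True the final ACK is dropped: the server retransmits
    its FIN and the client, still in TIME_WAIT, re-ACKs and restarts 2MSL."""
    fin1 = Segment(c.name, "FIN", seq=c.snd_nxt, ack=c.rcv_nxt)
    c.snd_nxt += 1                        # a FIN occupies a sequence number too
    c.state = "FIN_WAIT_1"

    s.rcv_nxt, s.state = fin1.seq + 1, "CLOSE_WAIT"
    ack1 = Segment(s.name, "ACK", seq=s.snd_nxt, ack=s.rcv_nxt)
    c.state = "FIN_WAIT_2"

    fin2 = Segment(s.name, "FIN", seq=s.snd_nxt, ack=s.rcv_nxt)   # server app done
    s.snd_nxt += 1
    s.state = "LAST_ACK"

    c.rcv_nxt, c.state = fin2.seq + 1, "TIME_WAIT"
    ack2 = Segment(c.name, "ACK", seq=c.snd_nxt, ack=c.rcv_nxt)
    c.time_wait_left = 2 * MSL
    segments = [fin1, ack1, fin2, ack2]

    if last_ack_lost:
        fin2_retx = Segment(s.name, "FIN", seq=fin2.seq, ack=fin2.ack)
        ack3 = Segment(c.name, "ACK", seq=c.snd_nxt, ack=c.rcv_nxt)
        c.time_wait_left = 2 * MSL        # timer restarts on the retransmitted FIN
        segments += [fin2_retx, ack3]
    s.state = "CLOSED"                    # an ACK finally reached the server
    return segments


def tick(c: Endpoint, elapsed: float) -> str:
    """Let time pass in TIME_WAIT; after 2MSL the port may be reused."""
    if c.state == "TIME_WAIT":
        c.time_wait_left -= elapsed
        if c.time_wait_left <= 0:
            c.state = "CLOSED"
    return c.state


if __name__ == "__main__":
    client, server = Endpoint("client", 100), Endpoint("server", 200)
    for seg in handshake(client, server, b"GET / HTTP/1.1\r\n\r\n") + close(client, server, True):
        print(f"{seg.sender:6} {seg.flags:7} seq={seg.seq} ack={seg.ack} data={len(seg.payload)}B")
    print(client.state, "->", tick(client, 2 * MSL))
```

Running the demo prints the six-segment close with the retransmitted FIN; note that the client's ack number does not change between the fourth and sixth segments, because the retransmitted FIN carries the same sequence number as the lost one.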

Is SSL at the transport layer or the application layer?

Neither. SSL/TLS sits between the transport layer (TCP) and the application layer (HTTP): it is handed a reliable byte stream by TCP and presents an encrypted byte stream to HTTP, which is why it is often drawn as its own layer.

The difference between TCP and UDP?

1. TCP is connection-oriented; UDP is connectionless.

2. TCP needs more system resources (connection state, send/receive buffers, timers); UDP needs fewer.

3. A UDP program has a simpler structure (no connect/accept, no connection teardown).

4. TCP is a byte stream with no message boundaries; UDP is datagram-based, one send is one message.

5. TCP guarantees delivery by retransmitting lost segments; UDP packets may be lost.

6. TCP guarantees ordering; UDP does not.
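Differences 1, 3 and 4 demonstrated with two loopback sockets, as an added example that is not the page's code: it assumes a POSIX socket API and 127.0.0.1, so nothing leaves the machine. Loss (5) and reordering (6) cannot be shown on loopback, where delivery happens to be perfect; the sample messages are constructed.

```python
"""Added example (not the original page's code): connection vs. no connection
and byte stream vs. datagram, shown with loopback sockets on 127.0.0.1."""
from __future__ import annotations

import socket


def tcp_roundtrip(chunks: list[bytes], bufsize: int = 4096) -> list[bytes]:
    """TCP: connect()/accept() first, then a byte stream. The receiver gets every
    byte, in order, but not the send() boundaries: two sends may arrive in one
    recv(), or one send spread over several recv() calls."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))               # port 0: the OS picks a free port
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(srv.getsockname())           # three-way handshake happens here
    conn, _ = srv.accept()
    for chunk in chunks:
        cli.sendall(chunk)
    cli.shutdown(socket.SHUT_WR)             # client FIN: "no more data from me"
    received = []
    while True:
        data = conn.recv(bufsize)
        if not data:                         # b"" means the peer's FIN arrived
            break
        received.append(data)
    for s in (conn, cli, srv):
        s.close()
    return received


def udp_roundtrip(chunks: list[bytes], bufsize: int = 4096) -> list[bytes]:
    """UDP: no connection; each sendto() is one datagram and each recv() returns
    exactly one datagram (cut to bufsize on POSIX, the rest is discarded). The
    protocol promises neither delivery nor order; on loopback both happen to hold."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(2.0)                      # nothing signals "end": we must time out
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for chunk in chunks:
        cli.sendto(chunk, srv.getsockname())  # no connect(); address on every send
    received = []
    try:
        for _ in chunks:
            received.append(srv.recv(bufsize))
    except socket.timeout:
        pass                                 # a lost datagram would end up here
    cli.close()
    srv.close()
    return received


if __name__ == "__main__":
    msgs = [b"hello ", b"world"]             # constructed sample input
    print("TCP:", tcp_roundtrip(msgs), "| 2 bytes at a time:", tcp_roundtrip(msgs, 2))
    print("UDP:", udp_roundtrip(msgs), "| 4-byte buffer:", udp_roundtrip(msgs, 4))
```

Reading the TCP stream two bytes at a time reassembles the same "hello world" regardless of how the sender chunked it; the UDP receiver sees the two datagrams as two separate messages, and a too-small buffer silently drops the tail of a datagram rather than holding it for the next recv().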

Common status codes

  • 1XX – Informational. The server has received the request and the client should continue.

  • 2XX – Success. The request was received, understood and processed.

  • 3XX – Redirection. Further action is required to complete the request.

  • 4XX – Client error. The request has bad syntax or cannot be fulfilled.

  • 5XX – Server error. The server failed while processing a valid request.

  • 200 OK: the request succeeded.
  • 301 Moved Permanently: the resource has permanently moved to another URL.
  • 302 Found: temporary redirect to another URL.
  • 400 Bad Request: the request has a syntax error the server cannot understand.
  • 404 Not Found: the requested resource does not exist (the URL is wrong).
  • 500 Internal Server Error: an unexpected error occurred on the server.
  • 502 Bad Gateway: the server, acting as a gateway or proxy, received an invalid response from the upstream server.
  • 503 Service Unavailable: the server cannot handle the request right now, usually because it is overloaded or down for maintenance; the condition is temporary.

When to use TCP and when to use UDP

TCP: scenarios that need complete, correctly ordered and reliable data, such as web pages and file transfers. UDP: scenarios where immediacy matters more than completeness, such as real-time audio and video or DNS lookups, where a late packet is useless and a lost one is simply skipped.

socket

A socket is not a protocol: it is the operating system's API to TCP and UDP. A socket is identified by an IP address and a port, and an application uses it to open connections and send and receive data without touching the protocol headers itself.

This section describes the HTTPS encryption process

RSA is asymmetric encryption, AES is symmetric encryption

  1. The client sends a request to the server.
  2. The server has generated an RSA key pair: a private key and a public key.
  3. The server sends its public key to the client.
  4. The client performs certificate validation (described below).
  5. The client generates a random AES key.
  6. The client encrypts the AES key with the server's RSA public key and sends it to the server.
  7. The server decrypts the AES key with its RSA private key.
  8. From then on the client and server communicate with AES using that key.

Why use RSA to exchange an AES key instead of encrypting everything with RSA?

Because RSA is expensive: its encryption and decryption are slow and it can only process small messages, so it is unsuitable for frequent traffic. AES is much faster, so RSA is used once to transport the AES key and AES carries the data. (This RSA key transport is the TLS 1.2 and earlier design; TLS 1.3 replaced it with an ephemeral Diffie-Hellman exchange so that a later compromise of the server's private key cannot decrypt recorded traffic, but the certificate check below is unchanged.)

Describe the man-in-the-middle attack (DNS hijacking) and its solution.

  1. The client wants domain A and sends a request to the server.
  2. The attacker hijacks DNS so that A resolves to the attacker's own IP address, B. The client therefore establishes its HTTPS connection with B.
  3. B in turn establishes an HTTPS connection with the real server A.
  4. The server generates an RSA key pair.
  5. The server sends its public key (S) to the client.
  6. The attacker intercepts it and now holds public key (S).
  7. The attacker generates their own RSA pair, public key (M) and private key (M), and sends public key (M) to the client instead.
  8. The client generates an AES key.
  9. The client encrypts the AES key with public key (M) and sends it, believing it is going to the server.
  10. The attacker intercepts the message, decrypts it with private key (M) and obtains the AES key.
  11. The attacker re-encrypts the AES key with public key (S) and forwards it to the server.
  12. The server decrypts the AES key with private key (S).

At this point the client and server share an AES key that the attacker also holds, so the attacker can read and modify every message.

Solution: the server submits its RSA public key to a CA. The CA adds the domain name, validity period and other fields, signs the whole thing with the CA's private key, and the resulting certificate is installed on the server. When the client connects, the server returns the certificate; the client verifies the signature with the CA's public key (normally built into the operating system or browser) and checks that the domain name in it matches the one it asked for. Only if that succeeds does the client take the server public key out of the certificate and continue with the key exchange above. The attacker cannot produce a certificate for domain A with a valid CA signature, so the substituted public key (M) is rejected.

HTTPS with CA validation trusts any certificate that chains to a CA installed on the device, so it does not stop a man-in-the-middle who can install a root certificate (for example an intercepting proxy whose root certificate is installed on a test device) or obtain a mis-issued certificate from a CA. Only SSL (certificate) pinning, or an app (APK) that ships its own certificate to authenticate a self-signed server, stops that class of attack.

Certificate pinning means building the server's real public key certificate (or its hash) into the client. During the HTTPS handshake, the certificate the server presents must match the built-in one, even if it carries a valid CA signature; otherwise the client aborts the connection. The trade-off is that rotating the server key requires shipping a client update, so pinning deployments usually pin a backup key as well.
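A toy model, added here and not from the original page, of the key exchange in the HTTPS section above, the DNS-hijack man-in-the-middle against it, and the two defences (CA-signed certificate, pinning). It uses textbook RSA with fixed, known Mersenne primes (an assumption made so the example runs without a prime generator), an 8-byte session key and an HMAC-SHA256 keystream standing in for AES; no padding, toy sizes, not safe for real use. Function names and the certificate layout are the example's own.

```python
"""Added example (not the original page's code): RSA-transported session key,
the DNS-hijack man-in-the-middle against it, and CA signature / pinning.
Textbook RSA with fixed primes and an HMAC keystream standing in for AES:
toy sizes, no padding, NOT for real use."""
from __future__ import annotations

import hashlib
import hmac
import secrets

E = 65537
# Assumed primes (known Mersenne primes), so no prime generator is needed.
# Every modulus is > 2**64, so an 8-byte session key fits under it.
CA_PRIMES = (2**127 - 1, 2**19 - 1)
SERVER_PRIMES = (2**89 - 1, 2**107 - 1)
ATTACKER_PRIMES = (2**61 - 1, 2**31 - 1)


def rsa_keypair(p: int, q: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Returns ((n, e), (n, d)): public key, private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa_encrypt(pub: tuple[int, int], m: int) -> int:
    return pow(m, pub[1], pub[0])


def rsa_decrypt(priv: tuple[int, int], c: int) -> int:
    return pow(c, priv[1], priv[0])


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(priv: tuple[int, int], data: bytes) -> int:
    """Signature = hash raised to the private exponent (textbook, no padding)."""
    return pow(_digest(data, priv[0]), priv[1], priv[0])


def rsa_verify(pub: tuple[int, int], data: bytes, sig: int) -> bool:
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])


def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR with an HMAC-SHA256 keystream (same call decrypts)."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def key_exchange(pub_seen_by_client, server_priv, attacker=None) -> dict:
    """Steps 5-7 of the HTTPS section. If attacker=(pub, priv) is given, DNS was
    hijacked: the client was handed the attacker's key and the attacker relays."""
    session_key = secrets.token_bytes(8)                    # toy 64-bit "AES" key
    c = rsa_encrypt(pub_seen_by_client, int.from_bytes(session_key, "big"))
    stolen = None
    if attacker is not None:
        att_pub, att_priv = attacker
        stolen = rsa_decrypt(att_priv, c).to_bytes(8, "big")     # attacker reads the key
        real_server_pub = (server_priv[0], E)
        c = rsa_encrypt(real_server_pub, int.from_bytes(stolen, "big"))  # and relays it
    server_key = rsa_decrypt(server_priv, c).to_bytes(8, "big")
    return {"client": session_key, "server": server_key, "attacker": stolen}


def issue_cert(ca_priv, domain: str, server_pub) -> tuple[bytes, int]:
    """CA binds a domain name to a public key and signs the binding."""
    body = f"{domain}|{server_pub[0]}|{server_pub[1]}".encode()
    return body, rsa_sign(ca_priv, body)


def verify_cert(ca_pub, cert, expected_domain: str, pinned_pub=None):
    """Client check: CA signature, domain match, optional pin. Returns the server
    public key to use, or None (abort the connection)."""
    body, sig = cert
    domain, n, e = body.decode().split("|")
    pub = (int(n), int(e))
    if not rsa_verify(ca_pub, body, sig) or domain != expected_domain:
        return None
    if pinned_pub is not None and pub != pinned_pub:
        return None
    return pub


if __name__ == "__main__":
    ca_pub, ca_priv = rsa_keypair(*CA_PRIMES)
    srv_pub, srv_priv = rsa_keypair(*SERVER_PRIMES)
    att_pub, att_priv = rsa_keypair(*ATTACKER_PRIMES)
    hijacked = key_exchange(att_pub, srv_priv, (att_pub, att_priv))
    print("attacker holds the session key:", hijacked["attacker"] == hijacked["server"])
    cert = issue_cert(ca_priv, "example.com", srv_pub)
    forged = issue_cert(att_priv, "example.com", att_pub)
    print("real cert accepted:", verify_cert(ca_pub, cert, "example.com") == srv_pub)
    print("forged cert accepted:", verify_cert(ca_pub, forged, "example.com") is not None)
```

The signature check defeats the attacker's self-made certificate; the pin is what defeats a certificate that a trusted CA did issue for the wrong key, which the signature check alone accepts.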

The HTTP layer

DNS pollution

A country, region or network operator that wants to block a site has its DNS servers answer with a wrong IP address, so the domain becomes unreachable even though the server itself is up.

Workaround: use a proxy server or VPN, or send DNS queries to a trusted resolver over an encrypted channel (DNS over HTTPS or DNS over TLS) so that they cannot be tampered with in transit.

The differences between HTTP/1.0, HTTP/1.1 and HTTP/2.0

1.0: short-lived connections; every request opens a new TCP connection and connections cannot be reused.

1.1: persistent (keep-alive) connections, fixing the per-request connection cost of 1.0; several requests can share one connection (browsers cap the number of connections per host), but they are processed serially, so one slow response blocks every response behind it (head-of-line blocking).

2.0: proper multiplexing of many streams over one connection, header compression (HPACK) and interleaved, parallel responses, so a slow stream no longer blocks the others at the HTTP level.

3.0: runs over QUIC on UDP instead of TCP, which removes the remaining transport-level head-of-line blocking.