Basic knowledge of
- The information transmitted through HTTP consists of packets.
- There are more than 40 HTTP status codes, and we only need to remember some of them.
- HTTPS is not a new protocol,
HTTPS = HTTP + Secure
. - The TCP/IP protocol family is divided into application layer > transport layer > network layer > link layer. The HTTP protocol is divided into application layers.
Began to…
What is a message?
As we all know, when the client initiates a request, it will carry the request parameters, which is one part of the packet body. Or after the request is successful, the interface of the server returns data to the client. The returned data is the packet body. The information transmitted through HTTP consists of packets. (Note: message! == Indicates the packet body. Packet = Packet header + Packet body) Click here to view more information about packet composition
HTTP is not secure
When we launched an a request, the server in the middle of the transfer process will forward through multiple servers, such as: in Shanghai on a computer, to the server to deploy a server in Beijing, the interface request, the server in the middle of may after nanjing forwarding > jinan server forwarding servers forward > > tianjin Beijing server receives the request. In the process of communication, if the attacker impersonates the Jinan server and intercepts our request, our information will be stolen.
It should also be noted that neither the client in Shanghai nor the server in Beijing is aware that the request is being blocked, and everything appears to be fine (this is due to the stateless nature of the HTTP protocol, which will not be extended here). Keep the following points in mind:
- HTTP is stateless and insecure;
- Information may be intercepted or tampered with during communication, which results in the failure to ensure the validity and integrity of the message.
- During communication, the identities of the communication parties are not verified, which may lead to camouflage
What is HTTPS?
Generally speaking, HTTPS = HTTP + Secure. But how is the security in the back done? In fact, Secure is based on the Secure Socket Layer (SSL) protocol. Encrypts HTTP traffic in combination with SSL.
After establishing a secure communication line with SSL, HTTP communication can be carried out over this line. The COMBINATION of HTTP with SSL is called HTTPS (HTTP Secure)
How does HTTPS ensure security?
We know HTTPS = HTTP + SSL from what is HTTP above. So what exactly does SSL do to make our communication secure? Click to view the analysis