Getting to know HTTP

What is HTTP

HTTP is the Hypertext Transfer Protocol.

  • An application-layer protocol built on TCP
  • Request and response
  • Simple and extensible
  • Stateless: each request is isolated

The development process

Message analysis

⭐️ Components of an HTTP message:

  • Start line: describes the basic information about the request or response
  • Header: provides more details in key-value format
  • Message entity (body): the actual data transmitted, which may not be plain text

According to the HTTP protocol, every message sent must have a header but may have no body, and there must be an empty line between the header and the body.

It looks something like this:



The start line of each request message consists of three fields:

  • Method
  • The URL field
  • HTTP version field
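
An added example (not part of the original note): a minimal Python parser for the layout described above, with start line, header, empty line and optional body, run against two constructed requests. The names parse_request and MalformedRequest are hypothetical.

```python
class MalformedRequest(ValueError):
    """Raised when the raw bytes do not follow the start line / header / body layout."""

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, version, headers, body)."""
    # The empty line (CRLF CRLF) separates the header from the body.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedRequest("no empty line after the header")
    lines = head.decode("iso-8859-1").split("\r\n")
    # Start line: method, URL field, HTTP version field, separated by single spaces.
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise MalformedRequest(f"bad start line: {lines[0]!r}")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject "Name : value" and lines without a colon instead of guessing;
        # lenient parsers disagree on such lines, which is where ambiguity starts.
        if not colon or not name or name != name.strip():
            raise MalformedRequest(f"bad header line: {line!r}")
        headers[name.lower()] = value.strip()  # a repeated name overwrites the earlier one
    return method, target, version, headers, body

# Constructed sample messages: one without a body, one with a body.
SAMPLE_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: text/html\r\n\r\n"
SAMPLE_POST = (b"POST /login HTTP/1.1\r\nHost: example.com\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 9\r\n\r\nuser=test")

if __name__ == "__main__":
    for raw in (SAMPLE_GET, SAMPLE_POST):
        print(parse_request(raw))
```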

Method

⭐️ Methods can be classified by their properties:

  • Safe: methods that do not modify data on the server
  • Idempotent: GET, HEAD, OPTIONS, PUT, DELETE. All safe methods are idempotent

👉 Status code

The status code shows the result of the resource request. Common status codes are:

Request headers

The start line and the header fields together make up the request header or the response header.

Common response headers:

Caching

Caching is divided into strong caching and negotiated caching:

How the browser checks and updates its cache:

Cookie

Cookies help us add some state-related features.

Setting a cookie in the response:

Cookies generally exist as key-value pairs. Be careful when setting cookies.

👉 Summary of HTTP/2

HTTP/2 introduces the concept of binary data frames and streams, which make it faster, more stable, and simpler.

  • Frame: the smallest unit of HTTP/2 communication. Each frame contains a frame header that, at a minimum, identifies the data stream to which the frame belongs
  • Data stream: a bidirectional byte stream within an established connection that can carry one or more messages

  • HTTP/2 connections are persistent, and only one connection is needed per origin
  • Flow control: a mechanism that keeps the sender from sending too much data to the receiver at once

⭐️ Frames label the data in sequence. After the browser receives the data, it merges the data following that sequence, so the merged data is never out of order.
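
An added example (not part of the original note): a Python sketch that reads the 9-byte HTTP/2 frame header (24-bit length, 8-bit type, 8-bit flags, 31-bit stream identifier) and merges interleaved DATA frames back into one byte string per stream. The helper names and the sample frames are constructed for illustration, and the sample frames carry no padding.

```python
import struct
from collections import defaultdict

TYPE_DATA, FLAG_END_STREAM = 0x0, 0x1

def build_frame(frame_type, flags, stream_id, payload):
    """Serialize one frame: 9-byte frame header followed by the payload."""
    length = len(payload)
    return struct.pack(">BHBBI", length >> 16, length & 0xFFFF, frame_type,
                       flags, stream_id & 0x7FFFFFFF) + payload

def iter_frames(buf):
    """Yield (type, flags, stream_id, payload) for every frame in the buffer."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 9:
            raise ValueError("truncated frame header")
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, pos)
        length = (hi << 16) | lo
        sid &= 0x7FFFFFFF  # the top bit of the stream identifier is reserved
        end = pos + 9 + length
        if end > len(buf):
            raise ValueError("frame payload runs past the end of the buffer")
        yield ftype, flags, sid, buf[pos + 9:end]
        pos = end

def reassemble(buf):
    """Merge DATA payloads per stream; return {stream_id: (data, stream_ended)}."""
    chunks, ended = defaultdict(bytearray), set()
    for ftype, flags, sid, payload in iter_frames(buf):
        if ftype != TYPE_DATA:
            continue
        if sid == 0 or sid in ended:
            raise ValueError(f"unexpected DATA frame on stream {sid}")
        chunks[sid] += payload
        if flags & FLAG_END_STREAM:
            ended.add(sid)
    return {sid: (bytes(data), sid in ended) for sid, data in chunks.items()}

# Constructed sample: two responses interleaved on a single connection.
SAMPLE = b"".join([
    build_frame(TYPE_DATA, 0, 1, b"<html>"),
    build_frame(TYPE_DATA, 0, 3, b"body{"),
    build_frame(TYPE_DATA, FLAG_END_STREAM, 1, b"</html>"),
    build_frame(TYPE_DATA, FLAG_END_STREAM, 3, b"}"),
])

if __name__ == "__main__":
    print(reassemble(SAMPLE))
```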

Pros and cons of HTTP

Advantages of HTTP

  • Simple, flexible, and easy to expand
  • Widely used, mature environment
  • Statelessness is both an advantage and a disadvantage. Because the server has no memory function, it does not need additional resources to record state information. It is simple to implement, reduces the burden on the server, and leaves more CPU and memory for serving requests

HTTP shortcomings

  • Stateless: since the server does not have a memory function, it cannot support operations that require multiple steps. Hence cookie technology

  • Plaintext and insecure: HTTP traffic can be monitored or snooped on. The identities of the two parties cannot be verified, and there is no way to tell whether packets have been changed

Summary of HTTPS

👉 What is HTTPS

  • HTTPS (Hypertext Transfer Protocol Secure) is used for secure communication between two end systems on a computer network
  • Encrypted by TLS/SSL

⭐️ In other words: HTTP + SSL (TLS) = HTTPS

Some features of HTTPS:

  • Reliability: encryption
  • Integrity: MAC authentication
  • Non-repudiation: digital signature

👉 TLS/SSL

TLS is the successor to SSL, a protocol used for authentication and encryption between two computers on the Internet. It is located in the session layer.

Encryption

TLS fundamentally uses both symmetric and asymmetric encryption:

  • Symmetric encryption: both encryption and decryption use the same key
  • Asymmetric encryption: encryption and decryption use two different keys, the public key and the private key

Integrity – MAC authentication

A MAC (Message Authentication Code) is generated from the message and the key through a MAC algorithm. The MAC value allows the verifier (who also has the secret key) to detect any changes in the message content, thus protecting the data integrity of the message.
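
An added example (not part of the original note): the MAC check described above, in Python with HMAC-SHA256. It goes one step beyond the paragraph by also feeding a sequence number into the MAC, as the TLS 1.2 record MAC does, so that a replayed or reordered record fails verification too. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def record_mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC over an 8-byte sequence number followed by the message."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: append the MAC to the message."""
    return message + record_mac(key, seq, message)

def verify(key: bytes, seq: int, record: bytes):
    """Receiver side: return the message if the MAC matches, otherwise None."""
    if len(record) < TAG_LEN:
        return None
    message, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = record_mac(key, seq, message)
    # compare_digest runs in constant time, so the comparison leaks no timing hint.
    return message if hmac.compare_digest(tag, expected) else None

# Constructed sample key shared by sender and verifier.
KEY = bytes(range(32))

if __name__ == "__main__":
    record = protect(KEY, 0, b"amount=100")
    tampered = b"amount=900" + record[10:]          # message changed, old MAC kept
    print("intact   :", verify(KEY, 0, record))
    print("tampered :", verify(KEY, 0, tampered))
    print("replayed :", verify(KEY, 1, record))     # same record, later sequence number
    print("wrong key:", verify(b"\x00" * 32, 0, record))
```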

Non-repudiation – digital signature

  • Private key: encryption
  • Public key: decryption

How digital signatures work in HTTPS:

⭐️ When the signature algorithm is not robust enough, it can be cracked by brute force, which opens the door to man-in-the-middle attacks.

👉 What exactly does HTTPS do?

The HTTPS protocol provides three key guarantees:

  • Encryption

    HTTPS encrypts data to protect it from eavesdroppers
  • Data Integrity

    Data will not be modified by eavesdroppers during transmission, and the data sent by users will be completely sent to the server
  • Authentication

    It can confirm the real identity of the other party, prevent man-in-the-middle attacks and establish user trust

HTTP Strict Transport Security (HSTS)

Actively upgrade HTTP to HTTPS:

You must have HTTPS to have HSTS!

Finally

This study note introduces the development of HTTP and some related knowledge points, as well as the origin of HTTPS and some of its features. Some of the highlights are marked. If there are mistakes, corrections are welcome!