HTTP

HTTP overview

  • HTTP (Hypertext Transfer Protocol) is a request/response-based, stateless application-layer protocol that usually carries its data over TCP/IP. It is the most widely used network protocol on the Internet, and all WWW files must comply with this standard. It is a transfer protocol for delivering hypertext markup language (HTML) from a web server to a local browser
  • HTTP was originally designed to provide a way to publish and receive HTML pages

Principle of HTTP

  • HTTP transfers data on top of the TCP/IP communication protocols; the data transferred includes HTML files, pictures, query results and so on
  • HTTP is generally used in the B/S (browser/server) architecture. The browser, acting as the HTTP client, sends all requests by URL to the HTTP server, that is, the web server

HTTP features

  • Request-based and response-based: The basic feature where the client initiates a request and the server responds
  • Simple, fast and flexible
  • Communication is in plaintext; requests and responses do not verify the other party to the communication, and the integrity of the data cannot be protected
  • Connectionless: each connection handles only one request. After the server has processed the request and received the client's acknowledgement, it disconnects. This makes it hard for the client to maintain a session with the server; to make up for this deficiency, two techniques for recording HTTP state were created, one called Cookie and the other called Session
  • Stateless: Stateless means that the protocol has no memory for transaction processing. If the previous information is required for subsequent processing, it must be retransmitted

The difference between URIs and URLs

  • A URI is used to identify a specific resource. We can tell what a resource is by its URI
  • A URL is used to locate a specific resource, marking where that resource is. Every file on the Internet has a unique URL

HTTP Packet Composition

  • Request message composition

    • Request line: includes request method, URL, protocol/version
    • Request headers
    • Request body
  • Response message composition

    • Status line
    • Response headers
    • Response body
  • Packets are sent from the application layer to the transport layer. The transport layer establishes a connection with the server through a TCP three-way handshake and releases the connection with a four-way handshake

  • Why is a three-way handshake needed?

    • To prevent the error that would occur if an invalid connection request segment were suddenly delivered to the server
  • The three-way handshake is essentially equivalent to the following conversation

    • Client: server, I want to establish a connection with you, do you agree? (SYN = 1)
    • Server: client, I agree to establish a connection with you (ACK = 1); I want to connect with you, too. Do you agree? (SYN = 1)
    • Client: server, I agree to establish a connection with you. (ACK = 1)
  • During the second handshake (when the server responds to the client), packets are sent twice: first to answer the client's service request (ACK = 1, ack = x+1) and then to send a request to the client (SYN = 1, seq = y).

  • The four waves are essentially equivalent to the following conversation

    • Client: Server, I want to disconnect from you, do you agree? (FIN = 1)
    • Server: I agree (ACK=1) (In the meantime, the server may still send data to the client, but the client can no longer send data to the server)
    • Server: Client, I want to disconnect from you, do you agree? (FIN = 1)
    • Client: I agree. (ACK = 1)
  • After another 2MSL of time, the connection is actually disconnected

HTTPS

Introduction to HTTPS

  • HTTPS is a transport protocol for secure communication over a computer network. It uses SSL/TLS to establish a secure channel and encrypt data packets. HTTPS is used to authenticate the web server and to protect the privacy and integrity of the data exchanged. TLS is a transport-layer encryption protocol whose predecessor is SSL (the SSL protocol sits between TCP/IP and the various application-layer protocols and provides security support for data communication).

Disadvantages of HTTPS

  • The multiple handshakes of HTTPS prolong page loading time by nearly 50%
  • HTTPS connection caching is not as efficient as HTTP's, which increases data overhead and power consumption
  • Applying for an SSL certificate costs money. The more functions you need, the higher the cost
  • The security algorithms used by SSL consume CPU and server resources

Difference between HTTP and HTTPS

  • For HTTPS, you need to apply for a certificate from the CA
  • HTTP is a hypertext transfer protocol, while HTTPS is a secure SSL encryption transfer protocol
  • HTTP and HTTPS generally use different connection methods, and their default ports also differ: 80 for HTTP, 443 for HTTPS
  • HTTP connections are simple and stateless; HTTPS is a network protocol built from SSL and HTTP that encrypts transmission and authenticates identity. It is more secure than HTTP

HTTPS optimization summary (easy-to-remember version)

  • HSTS redirection technology: Automatically converts HTTP to HTTPS, reducing 301 redirects
  • TLS handshake optimization: The client sends data to the server before the TLS handshake is complete
  • Session identifier: The server records the session ID it shares with a client. The next time the client sends that ID, the server can communicate directly using the previous private key
  • OCSP Stapling: The server sends the OCSP response, signed by the CA, to the client during the handshake, saving the client from querying the CA itself
  • Perfect forward secrecy (PFS): Uses a more complex key algorithm
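
How the HSTS item above avoids the redirect round trip, as an added example (not code from the original page): a simplified client-side policy store modelled on RFC 6797. The class and method names are hypothetical, and the hosts and timestamps used with it are constructed.

```python
import time
from urllib.parse import urlsplit, urlunsplit

class HSTSStore:
    """Client-side HSTS cache; a simplified model of RFC 6797 (added example)."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry timestamp, include_subdomains)

    def observe(self, url, header, now=None):
        """Record a Strict-Transport-Security header received for `url`."""
        parts = urlsplit(url)
        if parts.scheme != "https":  # a header seen over plain HTTP is ignored
            return
        now = time.time() if now is None else now
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.partition("=")
            name, value = name.strip().lower(), value.strip().strip('"')
            if name == "max-age" and value.isdigit():
                max_age = int(value)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:  # max-age is mandatory; without it there is no policy
            return
        if max_age == 0:  # max-age=0 tells the client to forget the host
            self._hosts.pop(parts.hostname, None)
        else:
            self._hosts[parts.hostname] = (now + max_age, include_sub)

    def upgrade(self, url, now=None):
        """Rewrite http:// to https:// locally if a live policy covers the host."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        now = time.time() if now is None else now
        labels = parts.hostname.split(".")
        for i in range(len(labels)):
            expiry, include_sub = self._hosts.get(".".join(labels[i:]), (0, False))
            # An exact match always applies; a parent domain only with includeSubDomains.
            if expiry > now and (i == 0 or include_sub):
                netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
                return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url
```

Once a policy is stored, `upgrade()` turns an `http://` URL into `https://` before any request leaves the client, so the plaintext request and its 301 answer never happen.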

How HTTP and HTTPS work

How HTTP works

  • An HTTP operation is called a transaction, and it works in four steps
    • The Client establishes a connection with the Server; clicking a hyperlink is what starts the HTTP work
    • After the connection is established, the Client sends a request to the Server. Its format is: uniform resource identifier (URL), protocol version number, followed by MIME information including request modifiers, Client information, and possible content
    • After receiving the request, the Server sends the corresponding response information in the format of a status line, including the protocol version number of the message, a success or error code, followed by MIME information including the Server information, entity information, and possible content
    • The Client receives information from the Server and displays it on the user’s screen. Then the Client disconnects from the Server

How HTTPS works

  • The Client accesses the Web server using an HTTPS URL and requests an SSL connection with the Web server
  • After receiving the request from the client, the Web server sends a copy of the certificate information (including the public key) of the website to the client
  • The client’s browser and the Web server begin to negotiate the security level of the SSL connection, that is, the level of information encryption
  • The browser on the client establishes the session key according to the mutually agreed security level, then encrypts the session key using the website’s public key and transmits it to the website
  • The Web server decrypts the session key using its own private key
  • The Web server uses the session key to encrypt communication with the client
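
The key exchange in the steps above as an added example (not code from the original page), with the steps numbered in the order of the bullets. It assumes a constructed toy RSA key and a stand-in XOR cipher, and all function names are hypothetical; a real TLS stack uses full-size keys, padding and an authenticated cipher.

```python
import hashlib
import secrets

# Constructed toy RSA key standing in for the key in the site's certificate.
# Two small Mersenne primes; textbook RSA without padding, for illustration only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never leaves the server

def xor_stream(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(16, "big") + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def server_certificate():
    """Step 2: the server answers the HTTPS request with its certificate."""
    return {"subject": "www.example.com", "public_key": (N, E)}

def client_key_exchange(cert):
    """Step 4: the client creates a session key and encrypts it to the server."""
    n, e = cert["public_key"]
    session_key = secrets.randbelow(n - 2) + 2
    return session_key, pow(session_key, e, n)

def server_recover_key(encrypted_key):
    """Step 5: only the holder of the private key can recover the session key."""
    return pow(encrypted_key, D, N)

def demo(message=b"GET /account HTTP/1.1"):
    client_key, wire_key = client_key_exchange(server_certificate())
    server_key = server_recover_key(wire_key)
    # Step 6: traffic in both directions is encrypted with the session key.
    ciphertext = xor_stream(client_key, message)
    return client_key == server_key, ciphertext, xor_stream(server_key, ciphertext)
```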

Q&A

What is the difference between SSL and TLS?

  • SSL (Secure Sockets Layer): a protocol layer that sits between a reliable, connection-oriented network-layer protocol and the application-layer protocols. SSL ensures secure communication between client and server through mutual authentication, digital signatures for integrity, and encryption for privacy. The protocol consists of two layers: the SSL Record Protocol and the SSL Handshake Protocol
  • TLS (Transport Layer Security): used to provide confidentiality and data integrity between two applications. The protocol consists of two layers: the TLS Record Protocol and the TLS Handshake Protocol

Can a third-party attacker get a certificate that displays the same information as the server's?

  • (Disguised server configuration) Obviously this is not possible. When a third-party attacker applies to a CA for certification, the CA requires it to provide the WHOIS information of the domain name, the domain management email address, etc., to prove that it is the owner of the server's domain name. A third-party attacker cannot provide that information, so it cannot fool the CA into believing that it owns the server's domain name

The difference between GET and POST: when should you use GET and when should you use POST?

  • GET
    • Generally used for information retrieval. Parameters are passed in the URL, and the amount of information sent is limited to 2000 characters
    • Pass values through the address bar
  • POST
    • Generally used to modify resources on the server, there is no limit to the amount of information sent
    • Pass the value through the body
  • Summary
    • GET requests are usually used to obtain general information
    • POST requests are best used in the following situations
      • Sending large amounts of data to the server (because POST has no limit on how much data can be sent)
      • When a cached file cannot be used (updating a file on the server)
      • When sending user input containing unknown characters
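
An added example (not from the original page) that ties the request composition listed earlier (request line, headers, body) to the GET/POST difference: it parses a raw request and reports whether the parameters travel in the URL or in the body. The function names and both sample requests are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line that ends the header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    fields = lines[0].split(" ")
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        raise ValueError("request line must be: method SP URL SP protocol/version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject folded lines and whitespace around the header name.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    if int(headers.get("content-length", "0")) != len(body):
        raise ValueError("Content-Length does not match the body size")
    return {"method": fields[0], "url": fields[1], "version": fields[2],
            "headers": headers, "body": body}

def parameters(request: dict) -> dict:
    """Report where the parameters travel: GET in the URL, POST in the body."""
    found = {"url": parse_qs(urlsplit(request["url"]).query)}
    form = request["headers"].get("content-type", "").startswith(
        "application/x-www-form-urlencoded")
    if request["method"] == "POST" and form:
        found["body"] = parse_qs(request["body"].decode("ascii"))
    return found

# Constructed sample messages, not captured traffic.
GET_REQUEST = (b"GET /search?q=tls&page=2 HTTP/1.1\r\n"
               b"Host: example.com\r\n\r\n")
POST_REQUEST = (b"POST /login HTTP/1.1\r\n"
                b"Host: example.com\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 24\r\n\r\n"
                b"user=alice&token=abc123x")
```

Because GET values sit in the request line, they are the part of the message that ends up in the address bar, while POST values stay in the body.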

Why does the client end up sending an acknowledgement to the server in a three-way handshake?

  • This is to prevent an invalid connection request segment from suddenly being delivered to the server. Such an invalid segment arises as follows. Consider first the normal case: the client sends a connection request but receives no acknowledgement because the request segment is lost. The client retransmits the connection request, receives confirmation, and establishes the connection. After the data is transferred, the connection is released. The client has sent two connection request segments; the first was lost and the second reached the server. In this case there is no invalid connection request segment.
  • Now consider the abnormal case: the first request segment sent by the client is not lost but is held up at some network node for a long time, and reaches the server only after the client has sent the second request segment, completed the data transfer and released the connection. The server mistakes it for a new connection request from the client, although it is essentially a connection request that expired long ago. If there were no third handshake, the connection would be established, but the client would not send any request to the server and the connection would persist, consuming network resources
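
The scenario above replayed in code, as an added example that is not part of the original page: the same delayed request is delivered to a server using a hypothetical two-step handshake and to one using the three-way handshake. The class names and the sequence numbers 100 and 200 are constructed; giving the second request its own sequence number is a simplification that keeps the two requests distinguishable.

```python
class Client:
    def __init__(self):
        self.live = set()        # seq numbers of SYNs still waiting for an answer

    def send_syn(self, seq):
        self.live.add(seq)
        return seq

    def give_up(self, seq):
        self.live.discard(seq)   # request timed out or its connection was released

    def acks(self, ack_no):
        # Third handshake: acknowledge only a SYN+ACK that answers a live SYN
        # (ack = x + 1). For an expired SYN the client sends no acknowledgement.
        return ack_no - 1 in self.live


class Server:
    def __init__(self, steps):
        self.steps = steps       # 3 = TCP as specified, 2 = hypothetical shortcut
        self.half_open, self.established = set(), set()

    def on_syn(self, seq):
        # With only two steps the server must commit as soon as it answers.
        (self.established if self.steps == 2 else self.half_open).add(seq)
        return seq + 1           # SYN+ACK with ack = x + 1

    def on_third_step(self, seq, acked):
        if seq in self.half_open:
            self.half_open.discard(seq)    # unacknowledged entries just time out
            if acked:
                self.established.add(seq)


def leaked_connections(steps):
    """Replay the delayed-SYN scenario; return connections left open on the server."""
    client, server = Client(), Server(steps)
    stale = client.send_syn(100)           # first request, held up at some node
    client.give_up(stale)
    fresh = client.send_syn(200)           # second request arrives normally
    server.on_third_step(fresh, client.acks(server.on_syn(fresh)))
    client.give_up(fresh)                  # data transferred, connection released
    server.established.discard(fresh)
    # Only now does the delayed first request reach the server.
    server.on_third_step(stale, client.acks(server.on_syn(stale)))
    return sorted(server.established)
```

`leaked_connections(2)` returns `[100]`, the stale connection the server keeps open, while `leaked_connections(3)` returns `[]`.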

Why do you need four waves?

  • TCP is full-duplex. When the TCP client sends a FIN packet, it tells the server that all of its data has been sent; the client can still receive data from the server. When the server returns an ACK packet, it indicates that it knows the client has no more data to send, but the server can still send data to the client. When the server also sends a FIN packet, it tells the client that it has no more data to send either. If the server receives a FIN packet, the TCP connection is terminated

What is MSL?

  • MSL is the Maximum Segment Lifetime. A packet that exceeds the Maximum Segment Lifetime is discarded. 2MSL means twice the MSL

Why does the client wait 2MSL (four minutes) in the TIME-WAIT state after sending the last data?

  • To ensure that the last ACK segment sent by the client can reach the server. This ACK segment may be lost, in which case the server, in the LAST-ACK state, does not receive confirmation of the FIN+ACK segment it sent. The server retransmits the FIN+ACK segment after a timeout, and the client receives the retransmitted FIN+ACK segment within 2MSL. The client then retransmits an acknowledgement and restarts the 2MSL timer, and finally both the client and the server can enter the CLOSED state. Without the 2MSL wait, the retransmitted FIN+ACK segment could not be received and the normal CLOSED state could not be entered
  • To prevent invalid connection request segments from appearing in this connection. After sending the last ACK segment, the client waits 2MSL, by which time all segments generated during the lifetime of this connection have disappeared from the network. This prevents old connection request segments from appearing in the next new connection