http

What is the HTTP protocol

Hypertext Transfer Protocol (HTTP) is a request/response based, stateless, application layer protocol, usually carried over TCP/IP. It is the most widely used network protocol on the Internet, and all WWW files must comply with this standard. HTTP was originally designed to provide a way to publish and receive HTML pages.

The development history

| Version  | Time | Content | Development status |
|----------|------|---------|--------------------|
| HTTP/0.9 | 1991 | Does not involve packet transmission; specifies the communication format between client and server; only GET requests | Not a formal standard |
| HTTP/1.0 | 1996 | Adds the PUT, PATCH, HEAD, OPTIONS and DELETE commands | Formally a standard |
| HTTP/1.1 | 1997 | Persistent (long) connections, bandwidth saving, Host field, pipelining, chunked transfer coding | The most widely used version before 2015 |
| HTTP/2.0 | 2015 | Multiplexing, server push, header compression, binary protocol, etc. | Gradually covering the market |
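To make the HTTP/1.1 features in the table concrete, here is an added example (written for this article, not code from the original page) that parses a raw HTTP/1.1 message: start line, header block, and the two body-framing mechanisms the table mentions, Content-Length and chunked transfer coding. It also enforces the Host header that HTTP/1.1 introduced. The sample messages are constructed for the demo; the function and constant names are my own.

```python
"""Parse raw HTTP/1.1 messages (start line, header block, body framing).

Added example written for this article; it is not code from the original
page. It covers the two body-framing mechanisms the version table mentions
(Content-Length and chunked transfer coding) and the HTTP/1.1 Host
requirement. Sample messages below are constructed for the demo."""

from typing import Dict, List


def _parse_headers(lines: List[bytes]) -> Dict[str, List[str]]:
    """Header names are case-insensitive; keep every value so duplicates can be checked."""
    headers: Dict[str, List[str]] = {}
    for line in lines:
        name, colon, value = line.partition(b":")
        # RFC 7230: no whitespace is allowed between the field name and the colon
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.decode("ascii").lower(), []).append(
            value.strip().decode("latin-1"))
    return headers


def decode_chunked(data: bytes) -> bytes:
    """Decode a chunked body: <hex size>CRLF<data>CRLF ... 0CRLF CRLF."""
    out = bytearray()
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = data[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        size = int(size_field.decode("ascii"), 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)  # last chunk; optional trailers are ignored here
        chunk = data[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk data")
        out += chunk
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += 2


def parse_http_message(raw: bytes) -> dict:
    """Return kind, start line, joined headers and the framed body of one message."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: header block not terminated")
    lines = head.split(b"\r\n")
    start_line = lines[0].decode("ascii")
    headers = _parse_headers(lines[1:])
    kind = "response" if start_line.startswith("HTTP/") else "request"

    # HTTP/1.1 requests must carry exactly one Host header (the field 1.1 introduced)
    if kind == "request" and start_line.endswith("HTTP/1.1") \
            and len(headers.get("host", [])) != 1:
        raise ValueError("HTTP/1.1 request without a single Host header")

    lengths = headers.get("content-length", [])
    encodings = headers.get("transfer-encoding", [])
    if lengths and encodings:
        # Two framing rules for one body is ambiguous; RFC 7230 says to reject it
        raise ValueError("both Content-Length and Transfer-Encoding present")
    if encodings:
        if encodings[-1].split(",")[-1].strip().lower() != "chunked":
            raise ValueError("unsupported transfer coding")
        body = decode_chunked(rest)
    elif lengths:
        if len(set(lengths)) != 1 or not lengths[0].isdigit():
            raise ValueError("conflicting or invalid Content-Length values")
        n = int(lengths[0])
        if len(rest) < n:
            raise ValueError("body shorter than Content-Length")
        body = rest[:n]
    else:
        # A response without framing runs to connection close; a request has no body
        body = rest if kind == "response" else b""
    return {"kind": kind, "start_line": start_line,
            "headers": {k: ", ".join(v) for k, v in headers.items()}, "body": body}


def is_rejected(raw: bytes) -> bool:
    """True when the parser refuses the message."""
    try:
        parse_http_message(raw)
        return False
    except ValueError:
        return True


# Constructed sample messages (not captured traffic)
SAMPLE_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Accept: text/html\r\n\r\n")
SAMPLE_CHUNKED_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                           b"Transfer-Encoding: chunked\r\n\r\n"
                           b"5\r\nHello\r\n7\r\n, world\r\n0\r\n\r\n")
SAMPLE_AMBIGUOUS = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
                    b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(parse_http_message(SAMPLE_REQUEST))
    print(parse_http_message(SAMPLE_CHUNKED_RESPONSE)["body"])
    print("ambiguous message rejected:", is_rejected(SAMPLE_AMBIGUOUS))
```

The parser deliberately fails closed: a message that carries both Content-Length and Transfer-Encoding, or two different Content-Length values, is refused rather than guessed at, because two parsers that guess differently about where one body ends and the next begins will disagree about the message boundary.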

This official demo, set up by Akamai, uses HTTP/1.1 and HTTP/2 to request 379 images at the same time. Comparing the request times makes it clear that HTTP/2 performs far better.

Multiplexing: multiple request-response messages are sent over a single HTTP/2 connection, and multiple request streams share one TCP connection, so many requests run in parallel without establishing multiple TCP connections.
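The following added example (my own code, not from the original article) shows what multiplexing and the binary framing look like on the wire: every HTTP/2 frame begins with a 9-byte header (24-bit length, 8-bit type, 8-bit flags, one reserved bit and a 31-bit stream identifier), and frames belonging to different streams are interleaved on one TCP connection. The parser splits a connection byte stream into frames and reassembles each stream's DATA payloads. The frames are constructed for the demo and the HEADERS payloads are placeholders, not real HPACK-encoded headers.

```python
"""Split an HTTP/2 connection byte stream into frames and group them by stream.

Added example, not from the original article. Frame layout per RFC 7540
section 4.1: 3-byte length, 1-byte type, 1-byte flags, 4 bytes holding one
reserved bit and the 31-bit stream identifier. Payloads below are constructed
placeholders; a real HEADERS frame carries HPACK-compressed header fields."""

import struct
from typing import Dict, List, Set, Tuple

FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x4: "SETTINGS", 0x7: "GOAWAY"}
FLAG_END_STREAM = 0x1
FLAG_END_HEADERS = 0x4
HEADER_LEN = 9
MAX_FRAME_SIZE = 16384  # default SETTINGS_MAX_FRAME_SIZE

Frame = Tuple[str, int, int, bytes]  # (type name, flags, stream id, payload)


def build_frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Serialise one frame: 24-bit length, type, flags, reserved bit + 31-bit stream id."""
    return (struct.pack("!I", len(payload))[1:]          # low 3 bytes of the length
            + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF)
            + payload)


def parse_frames(data: bytes) -> List[Frame]:
    frames: List[Frame] = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < HEADER_LEN:
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF  # drop R bit
        if length > MAX_FRAME_SIZE:
            raise ValueError("frame exceeds SETTINGS_MAX_FRAME_SIZE")
        payload = data[pos + 9:pos + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        name = FRAME_TYPES.get(ftype, f"UNKNOWN_{ftype:#x}")
        # DATA and HEADERS frames belong to a stream; stream 0 is the connection itself
        if name in ("DATA", "HEADERS") and stream_id == 0:
            raise ValueError(f"{name} frame on stream 0 is a protocol error")
        frames.append((name, flags, stream_id, payload))
        pos += HEADER_LEN + length
    return frames


def demultiplex(frames: List[Frame]) -> Dict[int, bytes]:
    """Reassemble each stream's DATA payloads in arrival order."""
    bodies: Dict[int, bytearray] = {}
    for name, _flags, sid, payload in frames:
        if name == "DATA":
            bodies.setdefault(sid, bytearray()).extend(payload)
    return {sid: bytes(body) for sid, body in bodies.items()}


def finished_streams(frames: List[Frame]) -> Set[int]:
    """Stream ids on which the sender has set END_STREAM."""
    return {sid for _name, flags, sid, _p in frames if flags & FLAG_END_STREAM}


# Constructed connection: two client streams (odd ids) interleaved on one TCP connection
SAMPLE_CONNECTION = b"".join([
    build_frame(0x1, FLAG_END_HEADERS, 1, b"<hpack placeholder: GET /a.png>"),
    build_frame(0x1, FLAG_END_HEADERS, 3, b"<hpack placeholder: GET /b.png>"),
    build_frame(0x0, 0, 1, b"AAAA"),
    build_frame(0x0, 0, 3, b"BBBB"),
    build_frame(0x0, FLAG_END_STREAM, 1, b"aaaa"),
    build_frame(0x0, FLAG_END_STREAM, 3, b"bbbb"),
])

if __name__ == "__main__":
    for frame in parse_frames(SAMPLE_CONNECTION):
        print(frame[:3])
    print(demultiplex(parse_frames(SAMPLE_CONNECTION)))
```

Because each frame names its stream, the receiver can hand frames for stream 1 and stream 3 to separate request handlers as they arrive, which is what lets one connection carry many requests at once instead of opening a TCP connection per request.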

HTTP Packet Format

https

What is the HTTPS

HTTPS adds SSL or TLS on top of HTTP to provide data encryption, identity verification and data integrity protection.

In the book Illustrated HTTP, HTTPS is described as HTTP wrapped in an SSL shell. HTTPS is a transport protocol for secure communication over a computer network. It uses SSL/TLS to establish an encrypted channel and encrypts the data packets. The primary purpose of HTTPS is to authenticate the web server and to protect the privacy and integrity of the data exchanged.

TLS is a transport layer encryption protocol. It is the predecessor of SSL and was released by Netscape in 1995.

Related Terms and Concepts

  • Asymmetric encryption: an encryption algorithm that uses different keys for encryption and decryption, also called public/private key encryption. An asymmetric algorithm requires two keys, a public key and a private key, which form a pair. If data is encrypted with the public key, only the corresponding private key can decrypt it. Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption.

  • Symmetric encryption: the fastest and simplest type of encryption; the same secret key is used for encryption and decryption.

Asymmetric encryption uses a key pair (a public key and a private key), so it is highly secure but slow to encrypt and decrypt. The solution is to encrypt the symmetric encryption key with the asymmetric public key and send it; the receiver decrypts the symmetric key with its private key, and from then on both parties communicate using symmetric encryption.

  • Hybrid encryption: a combination of asymmetric and symmetric encryption. The client generates a symmetric key and uses it to encrypt the transmitted data, then encrypts that symmetric key with the asymmetric public key. What travels over the network is therefore ciphertext encrypted under the symmetric key plus the symmetric key encrypted under the public key; even if an attacker intercepts it, without the private key they cannot obtain the symmetric key and so cannot recover the plaintext.

  • Digital digest: the plaintext is run through a one-way hash function, producing a fixed-length digest (for example, 128 bits). Different plaintexts always produce different digests, and the same plaintext always produces the same digest.

  • Digital signature technology: a digital signature is based on the public key cryptosystem and is another application of public key encryption. It combines public key encryption with digital digest technology to form a practical digital signature technique.
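The hybrid encryption, digital digest and digital signature concepts above fit together in one small program. The following is an added example I wrote for this article, not code from the original page. It uses textbook RSA with a modulus built from two Mersenne primes (2^127-1 and 2^107-1) so the arithmetic is readable, SHA-224 as the digest (its 224-bit output is smaller than the 234-bit modulus), and a SHA-256 counter keystream as a stand-in for the symmetric cipher. All key values, names and messages are my own constructions; with no padding and such a small modulus this is a teaching toy, not a usable key.

```python
"""Hybrid encryption and digital signature with textbook RSA over a SHA-224 digest.

Added example for this article, not code from the original page. Toy parameters:
the RSA modulus N = (2^127-1)(2^107-1) is only ~234 bits and no padding is used,
so this demonstrates the mechanism only. Real deployments use 2048-bit keys with
OAEP (encryption) and PSS (signatures), and AES-GCM for the symmetric part."""

import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime M127 (toy parameter)
Q = (1 << 107) - 1   # Mersenne prime M107 (toy parameter)
N = P * Q            # ~234-bit modulus, larger than any SHA-224 digest value
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: E * D == 1 (mod phi(N))
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def digest(message: bytes) -> int:
    """Digital digest: fixed-length (224-bit) one-way hash, as an integer below N."""
    return int.from_bytes(hashlib.sha224(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Signature = digest raised to the private exponent; only the key holder can do this."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recovers the digest and compares it to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def wrap_session_key(session_key: bytes, public_key) -> int:
    """Hybrid step 1: the sender encrypts the symmetric session key with the public key."""
    n, e = public_key
    k = int.from_bytes(session_key, "big")
    if k >= n:
        raise ValueError("session key too large for this modulus")
    return pow(k, e, n)


def unwrap_session_key(wrapped: int, private_key, key_len: int) -> bytes:
    """Only the private key recovers the session key from the wrapped value."""
    n, d = private_key
    return pow(wrapped, d, n).to_bytes(key_len, "big")


def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (toy, no nonce).
    The same call encrypts and decrypts; a real system would use AES-GCM here."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_roundtrip(plaintext: bytes) -> bytes:
    """Sender: fresh symmetric key, bulk data under it, key under the public key.
    Receiver: unwrap the key with the private key, then decrypt the bulk data."""
    session_key = secrets.token_bytes(16)
    wrapped = wrap_session_key(session_key, PUBLIC_KEY)     # travels with the ciphertext
    ciphertext = symmetric_xor(session_key, plaintext)
    recovered = unwrap_session_key(wrapped, PRIVATE_KEY, 16)
    return symmetric_xor(recovered, ciphertext)


if __name__ == "__main__":
    msg = b"constructed demo message"
    sig = sign(msg, PRIVATE_KEY)
    print("signature verifies:", verify(msg, sig, PUBLIC_KEY))
    print("tampered message verifies:", verify(msg + b"!", sig, PUBLIC_KEY))
    print("hybrid round trip:", hybrid_roundtrip(msg))
```

Two properties are worth noticing when running it: changing a single byte of the message makes verification fail because the digest no longer matches, and the symmetric key is never sent in the clear, only its RSA-encrypted form, which is exactly the hybrid scheme described above.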

SSL connection establishment process

  1. The client sends a request to the server for Baidu.com and connects to port 443 of the server. The information sent is mainly random value 1 and the encryption algorithms supported by the client.
  2. After receiving this information, the server responds with its handshake information, including random value 2 and the negotiated encryption algorithm. The chosen encryption algorithm must be a subset of the encryption algorithms the client sent to the server.
  3. The server then sends a second response packet to the client: its digital certificate. The server must have a digital certificate, which can either be self-made or applied for from a certificate authority. The difference is that a self-made certificate must be confirmed by the client before the user can continue, while a certificate applied for from a trusted company shows no prompt page. The certificate is backed by a pair of public and private keys; the certificate itself is essentially the public key packaged with a lot of information, such as the certificate issuer, the expiry time, the server's public key, the signature of the third-party certificate authority (CA), and the server's domain name.
  4. The client parses the certificate; this is done by the client's TLS implementation. First it checks whether the public key is valid, e.g. the issuing authority and the expiry time. If a problem is found, a warning box is displayed saying there is a problem with the certificate. If the certificate is fine, a random value (the pre-master key) is generated.
  5. After the client has verified the certificate, the session key is assembled from random value 1, random value 2 and the pre-master key. The session key is then encrypted with the certificate's public key.
  6. Transmit the encrypted information. What is transmitted here is the session key encrypted with the certificate's public key, so that the server can decrypt it with its private key and obtain random value 1, random value 2 and the pre-master key.
  7. The server decrypts random value 1, random value 2 and the pre-master key, then assembles the session key, which is identical to the client's session key.
  8. The client encrypts a message with the session key and sends it to the server to verify that the server can correctly receive it.
  9. The server encrypts a message with the session key and sends it back to the client. If the client can receive it, the SSL connection is established.
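Steps 5 and 7 say that both sides assemble the same session key from random value 1, random value 2 and the pre-master key. The added example below (my own code, not from the original article) shows the concrete form of that step in TLS 1.2: the PRF from RFC 5246 section 5 (P_SHA256), the master-secret derivation of section 8.1, and the key-block expansion of section 6.3, split here into the AES-128-GCM key and IV sizes. In the RSA key exchange of RFC 5246 only the 48-byte pre-master secret travels under the server's public key; the two randoms were already exchanged in the clear in the hello messages, and each side runs this derivation locally. The random values and pre-master secret are constructed for the demo.

```python
"""Derive TLS 1.2 session keys from the two hello randoms and the pre-master secret.

Added example, not from the original article. Implements the TLS 1.2 PRF
(RFC 5246 section 5), master_secret (section 8.1) and key_block (section 6.3).
All input values below are constructed for the demo."""

import hashlib
import hmac
from typing import Dict


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash: HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1))."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; both peers compute it from the same three inputs."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> Dict[str, bytes]:
    """Expand the master secret into per-direction MAC keys, cipher keys and IVs.
    Note the seed order: server_random first, the opposite of master_secret."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    layout = (("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len))
    parts, pos = {}, 0
    for name, size in layout:
        parts[name] = block[pos:pos + size]
        pos += size
    return parts


def derive_session(pre_master: bytes, client_random: bytes, server_random: bytes) -> Dict[str, bytes]:
    """Full derivation for TLS_RSA_WITH_AES_128_GCM_SHA256: no MAC key, 16-byte key, 4-byte implicit IV."""
    master = master_secret(pre_master, client_random, server_random)
    return key_block(master, client_random, server_random, mac_len=0, key_len=16, iv_len=4)


# Constructed demo inputs (random value 1, random value 2, pre-master key in the article's terms)
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(range(46))   # 2-byte version prefix + 46 bytes, as in RSA kx


def both_sides_agree() -> bool:
    """The client and the server run the same derivation and obtain identical keys."""
    client_side = derive_session(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server_side = derive_session(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return client_side == server_side


if __name__ == "__main__":
    keys = derive_session(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name:11s} {value.hex()}")
    print("both sides agree:", both_sides_agree())
```

The two randoms matter for security as much as the pre-master secret: because they enter the derivation, replaying a captured handshake against a server that picks a fresh random value 2 yields different keys, so the old session cannot simply be replayed.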

For details, see HTTP and HTTPS