1. Foreword

Only a bald head can be strong

Earlier HTTP posts on this blog:

  • PC version: HTTP is that simple
  • PC version: HTTP interview questions are all here
  • WeChat official account version: HTTP is that simple
  • WeChat official account version: HTTP interview questions are all here

This article tries to explain each point as simply as possible; I hope you get something out of it.

2. The past and present of the HTTP protocol

Recently, while reading blogs, I noticed that HTTP/2 has started to show up in interview questions, so I went and studied it.

The HTTP versions you are most likely to be asked about are:

  • HTTP/1.0
  • HTTP/1.1
  • HTTP/2

Here’s a quick rundown of the differences between the three and some extra points you might need to know.

2.1 Differences between HTTP versions

2.1.1 Differences between HTTP/1.0 and HTTP/1.1

The main difference between HTTP/1.0 and HTTP/1.1 is:

  • HTTP/1.1 uses persistent connections by default!

In HTTP/1.0 the default is a short connection:

Simply put: every time the client talks to the server, it opens a new TCP connection!

Think about it: requesting an image opens a connection, requesting a CSS file opens another, requesting a JS file opens yet another. HTTP runs on TCP, and every TCP connection costs a three-way handshake, a four-way teardown and a slow-start period. That is a lot of wasted resources!

In HTTP/1.1, persistent connections (keep-alive) are the default: one connection is established and many requests and responses are carried over it. (Browsers still open several connections per host so that one slow response does not stall everything; see pipelining below.)

Besides persistent connections, HTTP/1.1 brought other important changes:

  • HTTP/1.1 added the Host header, so one server address can serve several virtual hosts
  • HTTP/1.1 introduced chunked transfer coding (Transfer-Encoding: chunked) and range requests (Range / Content-Range, 206 Partial Content), which make it possible to send a body of unknown length in pieces and to resume an interrupted download
  • HTTP/1.1 pipelining lets a client send several requests on one connection without waiting for each response
    • Note: pipelining is largely theoretical; most desktop browsers leave it off by default!
    • So applications using HTTP/1.1 usually open several TCP connections in parallel instead!
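The chunked transfer coding and range requests mentioned above, as an added example that is not part of the original post: a strict decoder for Transfer-Encoding: chunked (it returns the decoded body, any trailer lines, and the bytes left over for the next message on the same persistent connection, and raises on anything malformed rather than guessing) and a server-side handler for a single "bytes=" Range that answers 200, 206 or 416. The sample messages are constructed for the example.

```python
"""Added example: an HTTP/1.1 chunked-body decoder and a Range handler.
All inputs are constructed; this is not the blog's or any project's code."""
import re

# chunk-size = 1*HEXDIG, optionally followed by ";name=value" chunk extensions (RFC 7230 4.1)
CHUNK_SIZE_LINE = re.compile(rb"([0-9A-Fa-f]{1,16})(;[^\r\n]*)?")


def decode_chunked(raw, max_body=1 << 20):
    """Decode a chunked message body.

    Returns (body, trailers, leftover). `leftover` is whatever follows the
    terminating empty line, i.e. the next message on a persistent connection.
    Raises ValueError on anything malformed instead of guessing.
    """
    body = bytearray()
    pos = 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        m = CHUNK_SIZE_LINE.fullmatch(raw[pos:eol])
        if m is None:                       # rejects "0x4", negative, non-hex, absurdly long
            raise ValueError("malformed chunk size: %r" % raw[pos:eol])
        size = int(m.group(1), 16)
        pos = eol + 2
        if size == 0:
            break                           # last-chunk
        if len(body) + size > max_body:
            raise ValueError("body exceeds limit")
        if raw[pos + size:pos + size + 2] != b"\r\n":   # also catches truncated data
            raise ValueError("chunk data not terminated by CRLF")
        body += raw[pos:pos + size]
        pos += size + 2
    trailers = []
    while True:                             # trailer-part ends with an empty line
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated trailer section")
        line = raw[pos:eol]
        pos = eol + 2
        if not line:
            break
        trailers.append(bytes(line))
    return bytes(body), trailers, raw[pos:]


def is_malformed(raw):
    """True if decode_chunked rejects `raw` (exercises the error paths)."""
    try:
        decode_chunked(raw)
        return False
    except ValueError:
        return True


RANGE_SPEC = re.compile(r"bytes=(\d*)-(\d*)")


def range_response(data, range_header=None):
    """Answer a GET honouring a single 'bytes=' Range (RFC 7233): 200, 206 or 416.
    Returns (status, headers, body)."""
    total = len(data)
    full = (200, {"Accept-Ranges": "bytes", "Content-Length": str(total)}, data)
    unsatisfiable = (416, {"Content-Range": "bytes */%d" % total}, b"")
    if range_header is None:
        return full
    m = RANGE_SPEC.fullmatch(range_header.strip())
    if m is None or (m.group(1) == "" and m.group(2) == ""):
        return full                         # unparseable Range header: ignore it
    first, last = m.group(1), m.group(2)
    if first == "":                         # suffix range "bytes=-N": the last N bytes
        n = int(last)
        if n == 0 or total == 0:
            return unsatisfiable
        start, end = max(total - n, 0), total - 1
    else:
        start = int(first)
        end = min(int(last), total - 1) if last else total - 1
        if start >= total:
            return unsatisfiable
        if end < start:
            return full                     # last < first is invalid: ignore the header
    part = data[start:end + 1]
    headers = {"Accept-Ranges": "bytes",
               "Content-Range": "bytes %d-%d/%d" % (start, end, total),
               "Content-Length": str(len(part))}
    return 206, headers, part
```

Two checks worth keeping when you write the real thing: chunk sizes are plain hexadecimal with no prefix and should be bounded before you allocate, and a message that carries both Content-Length and Transfer-Encoding gives two different body boundaries, so a server behind a proxy should reject it rather than pick one.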

References:

  • www.cnblogs.com/gofighting/…

2.1.2 HTTP/2 basics

HTTP/2 versus HTTP/1.1, a side-by-side demo:

  • http2.akamai.com/demo

As mentioned above, HTTP/1.1 introduced pipelining, but it stayed largely on paper and the feature is off by default.

Pipelined versus non-pipelined:

HTTP pipelining sends multiple HTTP requests over one TCP connection back to back, without waiting for the server's response to each one. The server, however, must still return the responses in the same order the requests were sent!

Think of a supermarket checkout or a bank counter: you cannot know whether the customer ahead of you will be done in a moment or will keep the cashier busy forever. Either way the server (the cashier or teller) handles requests in order, so if one request takes a long time, every request behind it is held up.

  • In HTTP/1.0, after sending a request you wait for the server's response before you can send the next one.
  • In HTTP/1.1 with pipelining, requests can be sent without waiting, but the client still receives the responses in request order.
  • So whether it is HTTP/1.0 or HTTP/1.1 with pipelining, one slow response blocks the ones behind it. The technical term for this is head-of-line blocking.

2.1.3 Differences between HTTP/1.1 and HTTP/2

The most important difference between HTTP/2 and HTTP/1.1 is that it removes head-of-line blocking at the HTTP layer! The change that makes this possible is multiplexing.

  • Multiplexing means head-of-line blocking at the HTTP layer is no longer a problem: many request/response exchanges can be in flight at the same time over a single HTTP/2 connection, so the old optimisation of merging several requests into one no longer applies.
    • Because HTTP/1.1 pipelining was never really usable, sites cut their request count with workarounds such as spriting, inlining, concatenation and domain sharding. With HTTP/2 these no longer help.
    • Caveat: the blocking that remains is at the TCP layer. All streams share one TCP connection, so a lost segment still stalls every stream until it is retransmitted.

HTTP2 might look something like this:

At the heart of all of HTTP/2's performance improvements is the new binary framing layer (messages are no longer sent as text), which defines how HTTP messages are encapsulated and transmitted between client and server.

The header and body parts of an HTTP/1.x message are wrapped in frames (HEADERS frames and DATA frames respectively); every frame starts with a fixed 9-byte header carrying the payload length, the frame type, flags and a stream identifier.

Each frame transmitted over an HTTP/2 connection belongs to a "stream". A stream is an independent, bidirectional sequence of frames exchanged between client and server over one HTTP/2 connection; many streams can be open on the same connection at once.

On the wire, frames from different streams are interleaved, and each end reassembles them by stream identifier.

Other important changes in HTTP/2:

  • Header compression with HPACK
  • Server push
    • HTTP/2 push data: segmentfault.com/a/119000001…
  • Flow control
    • Applied per stream as well as per connection, using WINDOW_UPDATE frames (TCP's flow control only works per connection)
  • Stream priority, used to tell the peer which streams matter more.
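The binary framing layer and stream multiplexing described above, as an added example that is not part of the original post: a small HTTP/2 frame encoder and parser (the RFC 7540 section 4.1 layout) and a demultiplexer that reassembles interleaved frames into per-stream responses. The server traffic is constructed for the example, and the HEADERS payloads are placeholder bytes standing in for HPACK-compressed header blocks, which this example does not implement.

```python
"""Added example: HTTP/2 frame encoding/parsing and per-stream demultiplexing.
Constructed traffic; the b'<hpack ...>' payloads are placeholders, not real HPACK."""
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"     # client connection preface (not parsed here)
DEFAULT_MAX_FRAME_SIZE = 16384                  # SETTINGS_MAX_FRAME_SIZE initial value
DATA, HEADERS, PUSH_PROMISE, SETTINGS, WINDOW_UPDATE = 0x0, 0x1, 0x5, 0x4, 0x8
END_STREAM, END_HEADERS, PADDED = 0x1, 0x4, 0x8
TYPE_NAMES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
              0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
              0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}


def encode_frame(ftype, flags, stream_id, payload=b"", pad_len=None):
    """9-byte header: 24-bit length, 8-bit type, 8-bit flags, reserved bit + 31-bit stream id."""
    if pad_len is not None:                     # Pad Length octet + payload + zero padding
        flags |= PADDED
        payload = bytes([pad_len]) + payload + b"\x00" * pad_len
    if len(payload) > DEFAULT_MAX_FRAME_SIZE:
        raise ValueError("payload larger than SETTINGS_MAX_FRAME_SIZE")
    header = (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
              + struct.pack("!I", stream_id & 0x7FFFFFFF))
    return header + payload


def parse_frames(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Split bytes into (stream_id, type_name, flags, payload) tuples, applying the
    size and padding checks a receiver must make before trusting a payload."""
    frames, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 9:
            raise ValueError("truncated frame header")
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags = buf[pos + 3], buf[pos + 4]
        stream_id = struct.unpack("!I", buf[pos + 5:pos + 9])[0] & 0x7FFFFFFF  # drop R bit
        if length > max_frame_size:
            raise ValueError("FRAME_SIZE_ERROR")
        payload = buf[pos + 9:pos + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        pos += 9 + length
        if ftype in (DATA, HEADERS, PUSH_PROMISE) and flags & PADDED:
            pad = payload[0] if payload else 0
            if pad >= len(payload):             # padding as long as the payload: PROTOCOL_ERROR
                raise ValueError("PROTOCOL_ERROR: padding exceeds payload")
            payload = payload[1:len(payload) - pad]
        if ftype == DATA and stream_id == 0:
            raise ValueError("PROTOCOL_ERROR: DATA frame on stream 0")
        frames.append((stream_id, TYPE_NAMES.get(ftype, "0x%x" % ftype), flags, payload))
    return frames


def rejects(buf):
    """True if parse_frames refuses `buf` (exercises the error paths)."""
    try:
        parse_frames(buf)
        return False
    except ValueError:
        return True


def demux(frames):
    """Reassemble interleaved frames into per-stream header blocks and bodies."""
    streams = {}
    for sid, typ, flags, payload in frames:
        if sid == 0:
            continue                            # SETTINGS, PING, connection WINDOW_UPDATE
        st = streams.setdefault(sid, {"headers": b"", "body": b"", "complete": False})
        if typ in ("HEADERS", "CONTINUATION"):
            st["headers"] += payload
        elif typ == "DATA":
            st["body"] += payload
        if flags & END_STREAM:
            st["complete"] = True
    return streams


def sample_server_bytes():
    """Constructed server->client bytes: responses for streams 1 and 3 interleaved."""
    return b"".join([
        encode_frame(SETTINGS, 0x1, 0),                                    # SETTINGS ack
        encode_frame(HEADERS, END_HEADERS, 1, b"<hpack :status 200 text/html>"),
        encode_frame(HEADERS, END_HEADERS, 3, b"<hpack :status 200 text/css>"),
        encode_frame(DATA, 0, 3, b"body{margin:0}"),
        encode_frame(DATA, END_STREAM, 1, b"<html>hello</html>", pad_len=5),
        encode_frame(WINDOW_UPDATE, 0, 0, struct.pack("!I", 1024)),
        encode_frame(DATA, END_STREAM, 3, b"h1{color:red}"),
    ])


def demo():
    return demux(parse_frames(sample_server_bytes()))
```

The two error paths are the checks a receiver has to make before trusting a frame: a length above SETTINGS_MAX_FRAME_SIZE is a FRAME_SIZE_ERROR, and a Pad Length equal to or larger than the payload is a PROTOCOL_ERROR; both are connection errors in RFC 7540. The demultiplexer also shows why head-of-line blocking disappears at this layer: stream 3's body arrives in two DATA frames with stream 1's response in between, and each stream is complete as soon as its own END_STREAM frame lands.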

2.2 HTTP/2 summary

New in HTTP/1.1:

  • Persistent connections
  • Request pipelining
  • Better cache handling (new fields such as Cache-Control)
  • The Host header, range requests for resumable transfers, and so on

New in HTTP/2:

  • Binary framing
  • Multiplexing
  • Header compression
  • Server push

References:

  • HTTP/2 GitBook ebook (Chinese version): legacy.gitbook.com/book/ye11ow…
  • What are the major improvements in HTTP/2.0 over 1.0? www.zhihu.com/question/34…
  • Analysis of HTTP/2 new features: segmentfault.com/a/119000000…
  • HTTP/2 learning materials: imququ.com/post/http2-…
  • HTTP/2 introduction and HTTP/2-based web optimisation: caibaojian.com/toutiao/664…
  • Introduction to HTTP/2 principles: blog.qingf.me/?p=600
  • What major improvements has HTTP/2 made to today's web access, and where do they show? www.zhihu.com/question/24…
  • Notes on HTTP/2 streams and multiplexing: www.blogjava.net/yongboy/arc…

2.3 HTTPS review

I was once asked about HTTPS and SSL in an interview and could not answer. Here is a brief summary.

First, the basics:

  • Symmetric encryption:
    • Encryption and decryption use the same key
  • Asymmetric encryption:
    • Encrypt with the public key, decrypt with the private key
    • (Only the owner knows the private key; everybody may know the public key)
  • Digital signature:
    • Verifies that the data really was sent by the claimed peer
    • and that it has not been tampered with in transit
  • Certificate authority (CA)
    • A trusted third party that certifies that a public key belongs to the real server.

How 3Y's communication evolved:

  • Prehistory: 3Y and his girlfriend chat with no encryption at all; data is sent in the clear
    • There is no privacy whatsoever
  • Antiquity: symmetric encryption is used so that only the two of them can read what is sent
    • New problem: the key cannot be sent over the network (anyone listening would learn it before anything is encrypted), so 3Y and his girlfriend meet in person, agree on a password, and only then chat.
  • Middle Ages: 3Y talks not only to his girlfriend but also to his parents. With so many people, is he supposed to meet each of them in person? (Maintaining many symmetric keys is a burden!) So asymmetric encryption is used
    • 3Y keeps one password that only he knows (the private key), and gives his girlfriend, mum and dad a different one (this one is public; anyone may have it: the public key). Before they send 3Y a message they encrypt it with the public key; when it arrives, 3Y decrypts it with his private key!
  • Modern era: a new problem appears. Even though outsiders do not know the private key and cannot read the original message, they can still capture the encrypted data and alter or drop part of it before it reaches 3Y, so what 3Y receives is damaged or not what was sent.
    • 3Y's girlfriend sends "3Y I like you", encrypted with 3Y's public key. A malicious party intercepts it and cannot recover the original text, but he can modify the ciphertext and forward it. What 3Y ends up decrypting may read "3Y, you're sleeping on the keyboard tonight."
  • Modern era: tampering can be detected with a digital signature. A digital signature can be seen as asymmetric encryption used the other way round: compute a hash of the original message, encrypt the hash with the private key, and send it along. The receiver decrypts the hash with the public key and compares it with the hash they compute themselves; if the two differ, the message was tampered with. (Because only the private key could have produced the signature, it also proves who sent it.)
  • Present day: a digital signature looks foolproof, but there is still a hole. Asymmetric encryption starts from the public key, and if the public key you were given is a forgery (a man in the middle handed you his own), every signature you verify with it is worthless. This is why a CA is needed: it vouches that the public key really belongs to the server.

If digital signatures and CA verification are still unclear, see:

  • Ruan Yifeng: www.ruanyifeng.com/blog/2011/0…
  • What are digital signatures and certificates? www.jianshu.com/p/9db57e761…

Back to HTTPS. HTTPS is simply HTTP with a TLS/SSL layer underneath.

HTTPS uses a hybrid encryption scheme: public-key cryptography to authenticate the server and agree on a key, then symmetric encryption for the actual data.

Here is how it works:

  • The client asks the web server for a secure connection
  • The server returns its certificate, signed by a CA, which contains the server's public key.
  • The client validates the certificate against the CA certificates built into the browser or operating system: the CA's signature must verify and the name in the certificate must match the site. Only then does it trust the public key inside.
  • The client generates a key for the symmetric algorithm, encrypts it with the server's public key and sends it to the server
    • Only the holder of the server's private key can decrypt it, so an attacker who intercepts the encrypted key learns nothing
  • The server decrypts the key, and from then on both sides use the symmetric algorithm for the rest of the conversation

Caveat: this is the classic RSA key-transport flow. TLS 1.3 (and TLS 1.2 with ECDHE) instead derives the session key from an ephemeral Diffie-Hellman exchange and uses the server's private key only to sign the handshake, so a later theft of the server's key does not expose recorded sessions (forward secrecy). The idea is the same: public-key operations to bootstrap, a symmetric key for bulk data.

So HTTPS transport is more secure than HTTP:

  • (1) All traffic is encrypted, so an eavesdropper cannot read it.
  • (2) Integrity is checked, so any tampering is detected immediately by both parties.
  • (3) The identity certificate prevents the server from being impersonated.
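The tamper-detection and forged-key problems from 3Y's story, and the handshake just described, as an added example that is not part of the original post: a toy model in Python with textbook RSA over fixed Mersenne primes (no padding), a SHA-256 keystream standing in for the symmetric cipher, and a one-line "certificate". The host name www.example.com, the key sizes, the attacker and the message are all made up for the example; it shows the mechanism and is neither secure nor real TLS.

```python
"""Added example: toy model of signature, CA check and hybrid encryption.
Textbook RSA with fixed Mersenne primes, no padding, and a SHA-256 keystream as
the 'symmetric cipher'. Mechanism only: not real TLS, not secure."""
import hashlib
import os

E = 65537


def rsa_keypair(p, q, e=E):
    """(n, e) public key and (n, d) private key for two given primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # modular inverse needs Python 3.8+


def rsa_apply(key, x):
    """RSA is modular exponentiation; which key you use decides encrypt/decrypt/sign/verify."""
    n, exp = key
    return pow(x, exp, n)


def digest_int(data):
    # 128-bit truncation of SHA-256 so the value is below every toy modulus used here.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(priv, data):
    return rsa_apply(priv, digest_int(data))   # hash, then "encrypt" the hash with the private key


def verify(pub, data, sig):
    return rsa_apply(pub, sig) == digest_int(data)   # "decrypt" with the public key, compare


def cert_tbs(subject, pub):
    """The part of a certificate the CA signs: who it is and their public key."""
    return ("%s|%d|%d" % (subject, pub[0], pub[1])).encode()


def issue_cert(ca_priv, subject, pub):
    return {"subject": subject, "pub": pub, "sig": sign(ca_priv, cert_tbs(subject, pub))}


def check_cert(ca_pub, cert, expected_subject):
    """Browser-side check: CA signature valid AND the name is the host we asked for."""
    return (cert["subject"] == expected_subject
            and verify(ca_pub, cert_tbs(cert["subject"], cert["pub"]), cert["sig"]))


def stream_xor(key, data):
    """Toy symmetric cipher: XOR with SHA-256(key || block counter). Same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def key_exchange(ca_pub, server_cert, server_priv, session_key=None):
    """Steps 2-5 of the flow above: verify the cert, wrap a fresh symmetric key with the
    server's public key, server unwraps it. Returns (client's key, server's key)."""
    if not check_cert(ca_pub, server_cert, "www.example.com"):
        raise ValueError("certificate rejected: not signed by a trusted CA for this host")
    session_key = session_key or os.urandom(16)
    wrapped = rsa_apply(server_cert["pub"], int.from_bytes(session_key, "big"))
    unwrapped = rsa_apply(server_priv, wrapped).to_bytes(16, "big")   # needs the private key
    return session_key, unwrapped


def demo():
    ca_pub, ca_priv = rsa_keypair(2**61 - 1, 2**89 - 1)      # trusted root in the "browser"
    srv_pub, srv_priv = rsa_keypair(2**107 - 1, 2**127 - 1)  # www.example.com (made up)
    cert = issue_cert(ca_priv, "www.example.com", srv_pub)
    k_client, k_server = key_exchange(ca_pub, cert, srv_priv)

    # Man-in-the-middle hands the client a certificate for the same name, signed by himself.
    mitm_pub, mitm_priv = rsa_keypair(2**31 - 1, 2**521 - 1)
    forged = issue_cert(mitm_priv, "www.example.com", mitm_pub)

    # Application data: encrypt with the session key, sign the ciphertext with the server key.
    msg = b"3Y I like you"
    ct = stream_xor(k_server, msg)
    sig = sign(srv_priv, ct)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]      # attacker flips one bit in transit

    return {
        "keys_match": k_client == k_server,
        "forged_cert_accepted": check_cert(ca_pub, forged, "www.example.com"),
        "intact_verified": verify(cert["pub"], ct, sig),
        "tampered_verified": verify(cert["pub"], tampered, sig),
        "plaintext": stream_xor(k_client, ct),
    }
```

demo() returns a dictionary: keys_match shows the symmetric key surviving the public-key round trip, forged_cert_accepted is False because the man-in-the-middle's self-signed certificate fails the CA check even though the name matches, and tampered_verified is False because a single flipped bit changes the hash under the signature.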

References:

  • What is the relationship between digital signatures, digital certificates, SSL and HTTPS? www.zhihu.com/question/52…
  • Introduction to how SSL/TLS works: zhuanlan.zhihu.com/p/36981565
  • HTTPS: tech.upyun.com/article/192…
  • The complete manual for configuring a website from HTTP to HTTPS: www.cnblogs.com/powertoolst…

3. Summary

I wrote this up while learning, sorting out the questions I ran into myself, and I hope it helps. If there are mistakes in the article, please point them out in the comments.

References:

  • Illustrated HTTP

If there are mistakes in the article, corrections are welcome; let's learn from each other. Readers who prefer reading technical articles on WeChat and want more Java resources can follow the WeChat public account: Java3y.

Article table of Contents navigation:

  • Zhongfucheng.bitcron.com/post/shou-j…