I’ve been thinking about writing this article for a long time, and I was going to wait until HTTPS was available for our applications. However, time is running out. I feel that our project is under the pressure of demand, and no one has the energy to improve this part. But I don’t want my research to go to waste, so I’m going to write down here what I know about HTTPS.
HTTP protocol
First of all, I’m not going to go into it very deeply, even though I’ve spent a lot of time studying it. There are two main reasons: 1. I have not studied this material systematically, so the explanation will be superficial. 2. Even if you understand something, you cannot necessarily explain it clearly. In view of these two points, I decided to focus on the following aspects of HTTP: 1. Basic concepts of HTTP 2. Three-way HTTP handshake 3
1. Basic concepts of HTTP:
Hypertext Transfer Protocol (HTTP) is a communication protocol that allows Hypertext Markup Language (HTML) documents to be sent from a Web server to a browser on a client.
The HTTP protocol, also known as the hypertext transfer protocol, is a data transfer protocol that specifies the rules for communication between the browser and the World Wide Web server and delivers World Wide Web documents over the Internet.
HTTP is a transport protocol used to transfer hypertext from the World Wide Web server to the local browser. It can make browsers more efficient and reduce network traffic. It not only ensures that the computer transfers the hypertext document correctly and quickly, but also determines which parts of the document to transfer and which parts of the content to display first (e.g. text before graphics).
HTTP is an application layer protocol, composed of requests and responses, and is a standard client-server model.
The HTTP protocol is always about the client making the request and the server sending back the response. This limits the use of the HTTP protocol and prevents the server from pushing messages to the client when the client does not initiate a request.
The main characteristics of the HTTP protocol can be summarized as follows:
1. Support for client/server mode. Basic authentication and security authentication are supported.
2. Simple and fast: when a client requests a service from the server, it only needs to transmit the request method and the path. The commonly used request methods are GET, HEAD and POST. Each method specifies a different type of contact between the client and the server. Because the HTTP protocol is simple, the HTTP server program is small, so communication is very fast.
3. Flexible: HTTP allows the transfer of data objects of any type. The type being transferred is marked by Content-Type.
4. HTTP 0.9 and 1.0 use non-persistent connections: each connection is limited to a single request. Once the server has processed the client's request and has received the client's acknowledgement, the connection is closed. HTTP 1.1 uses persistent connections: instead of creating a new connection for each Web object, one connection can transmit multiple objects, saving transfer time.
5. Stateless: HTTP is a stateless protocol. Stateless means that the protocol has no memory for transaction processing. The lack of state means that if earlier information is needed for subsequent processing, it must be retransmitted, which can increase the amount of data transferred per connection.
2. HTTP three-way handshake
One of the things that’s bound to come up when you talk about HTTP is the three-way handshake, and it’s really easy to reason about once you understand the problem it solves. The first thing you need to understand is what the three-way handshake is for. In the TCP/IP protocol suite, TCP provides a reliable connection service and uses the three-way handshake to establish a connection, as shown in the figure below.
3. HTTP four-way wave
Because a TCP connection is full-duplex, each direction must be closed separately. The principle is that a party can send a FIN to terminate the connection in its own direction once it has finished sending its data. Receiving a FIN only means that no more data will flow in that direction; a TCP connection can still send data after receiving a FIN. The party that closes first performs an active close and the other party performs a passive close, as shown in the figure below.
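The half-close behaviour described above can be observed on a loopback connection. This is an added example, not code from the original article; the function names and the message contents are made up for illustration.

```python
import socket
import threading

def passive_side(listener, received_log):
    conn, _ = listener.accept()
    with conn:
        data = b""
        while chunk := conn.recv(1024):   # recv() returns b"" once the peer's FIN arrives
            data += chunk
        received_log.append(data)
        # The peer has closed its sending direction, but ours is still open.
        conn.sendall(b"sent after FIN: " + data.upper())
    # Leaving the with-block closes conn, which sends this side's own FIN.

def half_close_demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    listener.listen(1)
    received_log = []
    worker = threading.Thread(target=passive_side, args=(listener, received_log))
    worker.start()

    client = socket.create_connection(listener.getsockname(), timeout=5)
    client.sendall(b"last request")
    client.shutdown(socket.SHUT_WR)       # active close: FIN for client -> server only
    reply = b""
    while chunk := client.recv(1024):     # the other direction still delivers data
        reply += chunk
    client.close()
    worker.join()
    listener.close()
    return received_log[0], reply

if __name__ == "__main__":
    print(half_close_demo())
```

The client is the active closer here: after `shutdown(SHUT_WR)` it can no longer send, yet it still receives the reply the server writes after seeing the FIN.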
4. Common HTTP methods and usage scenarios
HTTP has many methods, including:
1. GET: used to request access to the resource identified by the URL (Uniform Resource Identifier), and can send data to the server.
2. POST: transmits information to the server. It is similar to GET, but POST is recommended.
3. PUT: transfers a file. The message body contains the file content, which is saved at the corresponding URL.
4. HEAD: obtains the message headers. It is similar to GET but does not return the message body. It is generally used to verify whether a URL is valid.
5. DELETE: deletes a file. In contrast to PUT, it deletes the file at the corresponding URL.
6. OPTIONS: queries the HTTP methods supported by the corresponding URL.
(1) A GET request is usually used to get data, while a POST request is usually used to send data. A GET request is expected to have no impact on the server, whereas a POST request might affect server-side data. A GET request consumes fewer resources than a POST request, but is less secure. GET requests are up to twice as efficient as POST requests when sending the same amount of data.
(2) Generally, according to the convention, when using GET request, data will be transmitted through URL, but when using POST request, data will be placed in body. This isn’t a hard and fast rule, though, because Method and data are themselves orthogonal. A POST request can also put data in a URL.
(3) In terms of the low-level implementation of the protocol, only one TCP packet is generated for a GET request: the browser sends the header and data together and waits for the response from the server. For a POST request, two TCP packets are generated: the browser sends the header, the server responds with 100 Continue, and then the browser sends the data.
5. Common HTTP status codes
Status code | Response category | Reason phrase |
---|---|---|
1XX | Informational status code | The server is processing the request |
2XX | Success status code | The request has been processed normally |
3XX | Redirection status code | Additional action is required to complete the request |
4XX | Client Error status code | The server cannot process the request due to client problems |
5XX | Server Error status code | The server failed to process the request |
In general, the ones that are useful in my current project are:
200 OK: the request was processed successfully.
204 No Content: the request was processed successfully, but no entity body is returned.
304 Not Modified: the conditional request that was sent did not meet its condition.
400 Bad Request: message syntax error or parameter error.
401 Unauthorized: HTTP authentication is required.
404 Not Found: the requested resource cannot be found (the server rejects the request without any reason).
500 Internal Server Error: the server is faulty or the Web application is faulty.
503 Service Unavailable: the server is overloaded or down for maintenance.
2. HTTPS Overview
What is HTTPS? It can be understood as HTTP + SSL/TLS, that is, an SSL layer added under HTTP. SSL is the security foundation of HTTPS, so the details of the encryption are handled by SSL, which is what makes HTTP data transmission secure. As we all know, when we use the HTTP protocol, data is exchanged in plain text, which brings great information security risks, so HTTPS was introduced. This article mainly describes the symmetric encryption and asymmetric encryption used by HTTPS. Later, when I really start to write the algorithm chapter, I will focus on a few encryption algorithms that I have studied.
1, symmetric encryption
What is symmetric encryption? Here is an imperfect analogy. Xiao Ming and Xiao Hong fall in love with each other at school, but are afraid of being discovered by their parents. So they have an idea: they put a box under a big tree and lock it. If Xiao Hong writes a letter to Xiao Ming, she puts the letter in the box and tells Xiao Ming to take his key and collect it. Xiao Ming sends his letters the same way. The key that Ming and Hong hold is like the shared key of the two parties in symmetric encryption: the data is encrypted with the shared key and decrypted with the same key, which only the two of them know. This method achieves the effect of encryption to a certain extent. Its advantages are that the algorithm is public, the amount of computation is small, and encryption is fast and efficient. However, if the key of Xiao Ming and Xiao Hong is lost (that is, the shared key of the two parties is lost), or the key is leaked (that is, the means of decryption is leaked), the encryption no longer protects anything. I have an imperfect animation here.
2, asymmetric encryption
Symmetric encryption has significant defects, so the clever computer pioneers invented asymmetric encryption. What is asymmetric encryption? It works like this: first, Party B generates a pair of keys (a public key and a private key) and discloses the public key to other parties. Then Party A, having obtained the public key, encrypts the confidential information with it and sends the result to Party B. Finally, Party B uses the other key (the private key), which it keeps to itself, to decrypt the encrypted information. Information encrypted with the public key can only be decrypted with Party B's corresponding private key, and vice versa. In this case, even if an attacker intercepts the ciphertext and obtains Party B’s public key during transmission, the ciphertext cannot be decrypted, because only Party B’s private key can decrypt it. This approach enhances data security to a certain extent. However, the disadvantage of asymmetric encryption is that encryption and decryption take a long time and are slow, so it is only suitable for encrypting a small amount of data. I also drew an animation here.
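The two sections above can be combined in one sketch: Party A encrypts the bulk data with a fast symmetric key and uses Party B's public key only for that small key. This is an added example, not code from the original article, and it goes one step beyond the text by joining the two schemes. Assumptions: textbook RSA on a constructed, far too small key pair, a toy hash-based stream cipher, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed demo key pair for Party B, built from two known Mersenne primes.
# Assumption for illustration only: real RSA keys are 2048 bits or more and use padding.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                       # public key, disclosed to everyone
D = pow(E, -1, (P - 1) * (Q - 1))         # private key, never leaves Party B

def symmetric_xor(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher: the same shared key encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{key}:{counter}".encode()).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def party_a_send(message: bytes):
    """A encrypts the bulk data symmetrically and only the small key with RSA."""
    session_key = secrets.randbits(128)   # small enough to fit below N
    wrapped_key = pow(session_key, E, N)  # asymmetric step, public key only
    return wrapped_key, symmetric_xor(session_key, message)

def receive(wrapped_key: int, ciphertext: bytes, exponent: int) -> bytes:
    """Unwrap the session key with the given exponent, then decrypt the data."""
    session_key = pow(wrapped_key, exponent, N)
    return symmetric_xor(session_key, ciphertext)

if __name__ == "__main__":
    wrapped, ciphertext = party_a_send(b"GET /account HTTP/1.1")
    print(receive(wrapped, ciphertext, D))   # Party B, using the private key
    print(receive(wrapped, ciphertext, E))   # interceptor, public key only
```

Calling `receive` with `D` returns the original bytes, while calling it with only the public exponent `E` yields unrelated bytes, which is the situation of an interceptor who holds the ciphertext and the public key.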
Finally, a few words about HTTPS and HTTP
1. Basic Concepts:
HTTP is the most widely used network protocol on the Internet. It is a request and response standard between client and server (over TCP), used to transfer hypertext from the World Wide Web server to the local browser. It can make browsers more efficient and reduce network traffic.
HTTPS: an HTTP channel that aims at security. In short, it is the secure version of HTTP, that is, an SSL layer added under HTTP. The security foundation of HTTPS is SSL, so the details of the encryption are handled by SSL. The HTTPS protocol has two main functions. One is to establish a secure channel to protect data in transit. The other is to verify the authenticity of the site.
What is the difference between HTTP and HTTPS?
1. HTTPS requires applying to a CA for a certificate. Generally, there are few free certificates, so some fees are required.
2. HTTP is a hypertext transfer protocol, and information is transmitted in plain text. HTTPS is a secure, SSL-encrypted transfer protocol.
3. HTTP and HTTPS use completely different connections and different ports: the former uses 80 and the latter 443.
4. HTTP connections are simple and stateless; HTTPS is a network protocol that uses SSL and HTTP to encrypt transmission and authenticate identity. It is more secure than HTTP.
Final words
In fact, this article should have been written long ago, and the reason it is only being published today is my rather serious procrastination. This article is not the whole of my research; its purpose is to give you a general understanding of HTTPS and HTTP. Well, I have recently been advocating early to bed and early to rise, so I will not keep writing. I am preparing to hand-draw some symmetric/asymmetric diagrams to help you understand this. If you know a good drawing tool, please tell me, otherwise I can’t bear to look at my own hand drawings.