HTTP

HTTP / 1.1

Between 1989 and 1991, Tim Berners-Lee, the inventor of the World Wide Web, or HTTP 0.9 (unofficially named), came out. # The Original HTTP as defined in 1991, The protocol only specifies GET requests.

1996, HTTP/1.0, the official release of RFC 1945. In 1992, a 1.0 draft was available, and it was widely used for the four years leading up to the final revision. (Also since 1.0, there is a diagonal line between HTTP and the version number). Although 1.0 was officially released, at the time it was estimated that 65% of websites were already using HTTP/1.1, the HTTP/1.1 draft.

In January 1997, HTTP/1.1 released RFC 2068 early, either because it was released too soon, or because of the habit of using it before releasing it, so the 1.1 version was updated several times.

In 1999, RFC 2616 overlaid RFC 2068

In 2014, the final version of HTTP/1.1 RFC 7230 ~ 7235 was finalized, indicating that the HTTP/2.0 project was underway.

HTTP/1.0 RFC 1945 (1996)

  1. GET => GET + POST + HEAD, the client can transfer body data, PUT, DELETE, LINK, UNLINK appear in the appendix

  2. Status code definition: 1xx to 5XX

  3. Caching headers appear: Expires, if-modified-since, last-Modified

  4. Authentication request headers: Authorization and wwW-authenticate

HTTP/1.1 RFC 2068 (1997年)

  1. Method: Add PUT, DELETE, OPTIONS, and TRACE. Appendix One more PATCH

  2. More status codes, more specific

  3. This section covers 13 Caching in HTTP. Cache-control, ETag, if-match, if-none-match, if-unmodified-since, last-modified headers appear

  4. Added host request header for multiple servers

  5. Default Connection: keep-alive

  6. Added range request header to support continuous transmission

RFC 2616, a more detailed description of RFC2068, does not seem to add anything different. The same applies to RFC 7230 to 7235.

HTTP / 2.0

In 2012, the HTTP Working Group (HTTPbis) announced the need to start work on a new HTTP/2.0 protocol, possibly considering a design for SPDY.

SPDY, Google’s unofficial agreement, launched in 2009. It can be multiplexed to greatly improve the transmission speed of resources.

In May 2015, HTTP/2.0 released RFC 7540, all browsers that support SPDY, and soon support HTTP/2.0.

In September 2015, Google announced the closure of the SPDY support program

HTTP/2 RFC 7540 (2015年)

  1. Multiplex: HTTP Frames; multiplex: Frame Definitions

  2. Header Compression and DecompressionHPACK algorithm request Header Compression and decompression

  3. 5.3. Stream Priority Stream Priority. Instead of strong queuing, the server can determine the optimal corresponding order.

  4. New method: CONNECT (create tunnel)

  5. 8.2. Server Push Server Push. To reduce requests.

  6. Support TLS1.2 encryption 9.2. Use of TLS Feature, but HTTPS has become the de facto standard, H2C (unencrypted connection) is not supported.

Controversy: Mandatory encryption vs. opportunistic encryption; Queue head congestion caused by multiplexing.

HTTP / 3.0

The first draft will be published in 2020. Instead of TCP, QUIC based on UDP is used to solve the problem of queue head congestion

HTTPS

Encrypt transmitted data to protect against eavesdropping and man-in-the-middle attacks to secure corporate payments or sensitive information.

SSL

SSL, Secure Sockets Layer, designed by Netscape. Named TLS in 1999 RFC 2246.

SSL1.0 was shipped with Netscape Navigator, netscape’s web browser, in 1994, but was not announced due to its lack of security.

In 1995, SSL2.0 was released, but many defects were soon discovered and it was not widely used.

SSL3.0 was released in 1996 and archived in RFC6101 in 2011

SSL should not have been renamed, but as “were a face-saving gesture to Microsoft, “IETF was afraid to publish the Netscape protocol directly, so the name was changed to TLS. In deference to the original technology, SSL has been retained in the technical title (SSL/TLS).

TLS

In 1999, TLS1.0 RFC 2246 was released, essentially identical to SSL3.0.

In 2006, TLS1.1 RFC 4346 was released.

In 2008, TLS1.2 RFC 5246 was released.

In 2018, TLS1.3 RFC 8446 was released.

function

  1. Encrypt it to prevent reading.

  2. Data integrity ensures that you receive what you send.

  3. Identify yourself and prevent relationships with intermediaries.

SSL/TLS handshake

The security protocol SSL/TLS is below the HTTP application layer and above the transport layer.

(photo)

reference

Hypertext Transfer Protocol # The Original HTTP # HTTPS Hypertext Transfer Protocol Version 2 (HTTP/2) Hypertext Transfer Protocol — HTTP/1.1 # HTTP/3 # The TLS Protocol # The Transport Layer Security (TLS) Protocol