Preface: This is the first in a series of blog posts to prepare for next year’s interviews. The main purpose is to help myself learn computer networking! I have been doing Android development for about a year and a half, and I find that I am interested in Android, so I am deeply engaged in it!!

Interview: What is HTTP and what is HTTPS

I don’t understand anything except the text, so I don’t understand anything else

HTTP (Hypertext Transfer Protocol) is a simple request-response protocol that usually runs on top of TCP. It specifies what messages the client may send to the server and what responses it may get back. The headers of request and response messages are given in ASCII; the message content has a MIME-like format. This simple model was a major contributor to the early success of the Web because it made development and deployment very straightforward.

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security. Building on HTTP, HTTPS secures transmission through encryption and identity authentication. HTTPS adds an SSL layer to HTTP; the security of HTTPS rests on SSL, so the details of encryption are handled by SSL. HTTPS has a different default port from HTTP and an encryption/authentication layer (between HTTP and TCP). This system provides authentication and encrypted communication. It is widely used for security-sensitive communication on the World Wide Web, such as transactions and payments.

The difference between HTTP and HTTPS

HTTP is a hypertext transfer protocol that sends data in plain text, so packets can be captured, which leads to information leakage and security risks! HTTPS is a secure transport protocol encrypted with SSL. HTTP and HTTPS use completely different kinds of connection and different ports: 80 for HTTP and 443 for HTTPS. HTTP connections are simple and stateless. HTTPS is a network protocol that combines SSL and HTTP to encrypt transmission and authenticate identity. HTTPS requires a certificate obtained from a CA, which has to be paid for.

HTTP is an application layer protocol. Like other application layer protocols, HTTP is designed to implement a specific type of application, and its functions are implemented by an application running in user space. HTTP is a protocol specification recorded in documents; the programs that actually communicate over HTTP are implementations of that specification. HTTP is a stateless protocol, meaning that the server does not retain any state from transactions with clients. This greatly reduces the memory burden on the server and so keeps response times fast. HTTP is an object-oriented protocol: it allows any type of data object to be passed. It identifies the content and size of the data being transmitted by data type and length, and allows data to be compressed for transmission. When a user follows a hypertext link defined in an HTML document, the browser establishes a connection with the specified server over TCP/IP.

Note: TLS is an upgraded version of SSL. For details, see Transport Layer Security protocol (TLS).

Problems that HTTPS solves

HTTPS is more secure than HTTP because it transmits ciphertext.

1. The problem of trusting the host.

A server that uses HTTPS must request a certificate from a CA to prove what the server is used for. The client trusts the host only when the certificate is used for the corresponding server. That is why all banking websites now use HTTPS for the key parts of their applications. By trusting the certificate, the customer trusts the host. It is less efficient, but banks care more about safety. This point does not mean much for us: whether our server uses a certificate it issued itself or one from a public CA, the client is our own, so it trusts the server anyway.

2. Data leaks and tampering during communication.

(1) In the usual sense, HTTPS means that the server has a certificate.

  • a) The main purpose is to ensure that the server is what it claims to be, which is the same as the first point.
  • b) All communication between the server and the client is encrypted.
    • i. Specifically, the client generates a symmetric key and exchanges it by means of the server certificate. This is the handshake in the general sense.
    • ii. After that, all traffic is encrypted, and there is no point in a third party intercepting it because he does not have the key, so there is no point in tampering with it either.

(2) In a few cases where there are requirements on the client, the client must also have a certificate.

  • The client certificate is in effect a statement of personal identity: in addition to the user name and password, there is an identity authenticated by a CA. Because a personal certificate generally cannot be imitated by others, it further confirms the user's identity.
  • At present a few professional editions of personal online banking do this; the certificate itself may be carried on a USB disk as a backup carrier.
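
The trust rules in points 1 and 2 correspond to a few settings on the TLS endpoint. The following is an added example, not part of the original post, written with Python's standard `ssl` module; the function names and the `cafile` path are assumptions made for illustration.

```python
import ssl

def strict_client_context(cafile=None):
    # With cafile=None the system CA store is loaded. When the server uses a
    # self-issued certificate, pass the path to your own CA file (hypothetical
    # path) so that only it is trusted; verification stays switched on.
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)

def trust_everything_client_context():
    # The weak setting: traffic is still encrypted, but the client no longer
    # knows which host it is encrypting to.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def mutual_tls_server_context():
    # Case (2): the server refuses clients that present no valid certificate.
    # A real server would also call load_cert_chain() and load_verify_locations().
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def audit(ctx, require_client_cert=False):
    """List the trust guarantees from the text that this context gives up."""
    findings = []
    if ctx.protocol == ssl.PROTOCOL_TLS_SERVER:
        # Case (1) servers do not ask for client certificates; that is only a
        # finding when the deployment is meant to be case (2).
        if require_client_cert and ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("client certificate is not required")
        return findings
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings

if __name__ == "__main__":
    for name, ctx in [("strict client", strict_client_context()),
                      ("trust-everything client", trust_everything_client_context())]:
        print(name, audit(ctx))
    print("mutual TLS server", audit(mutual_tls_server_context(), True))
```
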

HTTPS adds the SSL/TLS protocol between the HTTP and TCP layers, which addresses the risks above:

  • Message encryption: the information exchanged cannot be stolen, but you can still lose your account by forgetting it yourself.
  • Verification mechanism: the communication content cannot be tampered with, and tampered content will not display normally, but Baidu's “bidding ranking” can still turn up spam.
  • Certificate of identity: it proves that Taobao is the real Taobao, but you will still lose your money to “chop hands” shopping.

The SSL/TLS protocol can ensure secure communication as long as it does not do evil.

Thanks to the authors of these articles!

  • TCP three handshakes, four waves, elementary school students can understand!
  • GitHub- Yangkun19921001 – computer network basic knowledge (recommended collection)
  • TCP protocol soul ask, consolidate your network base foundation (recommended collection)
  • 2020 senior Android factory interview secret, for you to protect the three yin4, through dachanglRH1993 core!
  • 30 the illustration HTTP common interview questions
  • Watching the HTTPS, and the interviewer wrangling was no problem
  • HTTPS to solve the problem of what are
  • what are the difference between HTTP and HTTPS
  • HTTP, rounding 】 【 the illustration