I occasionally talked about this issue in Zhangshen’s QQ group before. I will write here what I know about the three-way handshake & four-time wave. If there are any mistakes, please give pointers to the big guys passing by .
First of all, let's briefly introduce what is a three-way handshake and what is a four-way wave.
1. Three-way handshake:
C-->S: [SYN] where is syn:synchronization (synchronization)
S-->C: [SYN,ACK] in ack:acknowledgement (confirmation: notification has been received)
C-->S: [ACK] Got it fin:finish (end)
2. Wave four times:
C-->S: [FIN] I want to close the connection
S-->C: [ACK] Got it, wait until I finish sending the data
S-->C: [FIN] I also closed the connection
C-->S: [ACK] OK, got it
First of all, it is clear that the TCP protocol is a reliable transport layer protocol, while the http protocol is an application layer protocol. The so-called three-way handshake and four-way wave are for TCP connections . When establishing a TCP connection, a three-way handshake occurs to ensure that both parties have a basis for communication. When the TCP connection is closed, there will be four waves of hands, which are used to ensure that both parties of the communication can safely wave the data of the TCP communication.
So why do I often hear someone say "Why does the HTTP request require three handshakes & four waves"?
This sentence itself is a bit faulty. As mentioned above, the three-way handshake and four-way wave are aimed at TCP connections. The http protocol itself will not pay attention to this piece, nor will it handle any [SYN], [ACK], [FIN], etc. Just because the existing http protocol uses TCP as the transport layer (the http protocol does not specify which transport layer protocol to use).
So if the transport layer is not using TCP, it is not necessarily a three-way handshake or something.
--------------------------------------Separator------------ -----------------------------
PS: The May 1st holiday, the developers have all run away, and no one has fixed the bug. Order a takeaway and continue to write something.
HTTPS is a secure HTTP channel, in short, the secure version of HTTP. It can be understood as https=http+SSL(TLS). So how does https ensure security? Let me tell a story:
1. A and B communicate through carrier pigeons.
In this case, the third party C can intercept the carrier pigeon to learn the content of the communication between AB.
2. In order to prevent this situation, AB agrees to use an encryption method to transmit information. (Symmetric encryption)
But in this case, AB can't see each other, how to notify the other party of the agreed encryption method?
3. A first sends the carrier pigeon to B, and then B receives the carrier pigeon and sends it back to an open box, and the key is in B's own hands. Then A puts the letter in the box, locks it, and sends it to B. After B receives it, open it with the key to read the new content. (In terminology, the box is called the public key, and the key that opens the box is called the private key) (asymmetric encryption)
In this case, there will be a new problem, how to determine that the box is given by B?
4. B can sign on the box to make a mark
In this case, C can obtain the content of the communication by changing the box by imitating B's signature.
5. Find someone who will sign anyone and everyone trusts that he will only sign and mark the box for certain legitimate people. That is, the person will only sign the box belonging to B (in terminology, this person is called a certification authority) only if he is really sure that the person to sign is B
The story is over, not very detailed. Interested spectators can go to see the corresponding books, here is just a simple explanation of popular science. The two nouns are marked with color, here is a brief explanation:
1) Symmetric encryption: The same key can be used for both encryption and decryption of information, also known as single-key encryption. Simply put, if you know the encryption method, then you also know the decryption method.
2) Asymmetric encryption: Different from symmetric encryption, two keys are needed for encryption and decryption. These two keys are a public key (public key for short) and a private key (private key for short).
Compared with symmetric encryption, asymmetric encryption has better security (after all, it is not necessary to synchronize the key before communication like symmetric encryption). However, its encryption and decryption consumes a long time, the speed is slow, and the performance is poor, and it is only suitable for the encryption of a small amount of data. Therefore, in practical application scenarios, asymmetric encryption is generally used to transmit symmetric encryption keys.
That's all for this blog. Going for a little bit...
___A journey of mountains and rivers, three lives are fortunate