Detailed Difference Between HTTP and HTTPS

What is HTTP?

HTTP (HyperText Transfer Protocol) is the most widely used network protocol on the Internet. It is a request/response standard between client and server, carried over TCP, used to transmit hypertext from a WWW server to a local browser. It can make the browser more efficient and reduce network traffic.

What is HTTPS?

HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer or HTTP over SSL) is a web protocol developed by Netscape.

You can also say: HTTPS = HTTP + SSL
HTTPS uses Secure Sockets Layer as a sublayer beneath the HTTP application layer.
The main functions of the HTTPS protocol can be divided into two types: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.

Why do you need HTTPS? The security difference between HTTP and HTTPS

Hypertext Transfer Protocol (HTTP) is a protocol used to transmit and receive information over the Internet. HTTP uses a request/response process so that information can be transferred between servers quickly, easily, and accurately. When you visit a web page you are using the HTTP protocol, but HTTP is not secure, and the data transmitted between you and the web server can easily be eavesdropped on. In many cases, sensitive data is transmitted between client and server and needs to be protected from unauthorized access. To meet this requirement, Netscape introduced HTTPS, which is the HTTP protocol based on Secure Sockets Layer.

The HTTP protocol sends content in clear text and does not provide any form of data encryption. If an attacker intercepts the messages transmitted between the web browser and the web server, he can read the information directly, so the security is very low. Simply put, http is the HTTP protocol running on top of TCP. All transmitted content is in clear text, and neither the client nor the server can verify the identity of the other. Therefore, the HTTP protocol is not suitable for transmitting sensitive information, such as payment information like credit card numbers and passwords.

To solve this defect of the HTTP protocol, another protocol is needed: HTTPS, the Hypertext Transfer Protocol over Secure Sockets Layer. For the security of data transmission, HTTPS adds the SSL protocol to HTTP; SSL relies on certificates to verify the server and encrypts the communication between the browser and the server. Compared with http, https is HTTP running on top of SSL/TLS, with SSL/TLS running on top of TCP. All transmitted content is encrypted. The encryption is symmetric, but the symmetric key is itself encrypted asymmetrically using the server's certificate. In addition, the client can verify the identity of the server, and if client authentication is configured, the server can also verify the identity of the client.

Differences between HTTP and HTTPS

HTTP URLs start with http:// and HTTPS URLs start with https://
HTTP is insecure while HTTPS is secure
HTTP standard port is 80 and HTTPS standard port is 443
In the OSI network model, HTTP works at the application layer, while HTTPS works at the transport layer.
HTTP does not require encryption, while HTTPS encrypts the transmitted data.
HTTP does not require a certificate, while HTTPS requires applying to a CA for a certificate. Free certificates are generally rare, so a certain fee is required.

How does HTTPS work?

When connecting using HTTPS, the server requires a public key and a signed certificate.

When using an https connection, the server responds to the initial connection with the encryption methods it supports. In response, the client selects a connection method, and the client and server exchange certificates to authenticate each other. Once that is done, the encrypted information is transferred, with both sides using the same key, and then the connection is closed. To support https connections, the server must have a public key certificate that contains key information certified by a certificate authority. Most certificates are authorized by a third-party authority to ensure that the certificate is secure.

In other words, HTTPS is the same as HTTP, but with the addition of SSL.
HTTP includes the following actions:

The browser opens a TCP connection.
The browser sends an HTTP request to the server.
The server sends an HTTP response to the browser.
The TCP connection is closed.

SSL consists of the following actions:

Authenticate the server side
Allow the client and server to choose encryption algorithms and ciphers that both sides support
Authenticate the client side (optional)
Use public key cryptography to generate shared encrypted data
Create an encrypted SSL connection
Pass HTTP requests over that SSL connection

When is it time to use HTTPS?

Banking websites, payment gateways, shopping sites, landing pages, email, and some corporate sector websites should use HTTPS, such as:

PayPal: https://www.paypal.com
Google AdSense: https://www.google.com/adsense/
If a website asks you to fill in your credit card information, first check whether the page uses an https encrypted connection. If it does not, do not enter any sensitive information such as credit card numbers.

Browser integration

Most browsers will display a warning message when they receive an invalid certificate, and some older browsers will pop up a dialog box that allows the user to choose whether to continue browsing. New browsers typically display a banner warning message across the entire window, while displaying the site's security information in the address bar. Most browsers will prompt a warning if a website contains a mix of encrypted and non-encrypted content.

Detailed HTTP

Features of HTTP protocol

1. Support client/server mode.
2. Simple and fast: When a client requests a service from the server, it only needs to transmit the request method and path. Commonly used request methods are GET, HEAD, and POST. Each method specifies a different type of contact between the client and the server. Because the HTTP protocol is simple, the program scale of the HTTP server is small, so the communication speed is fast.
3. Flexible: HTTP allows the transmission of any type of data object. The type being transferred is marked by Content-Type.
4. Connectionless: The meaning of connectionless is to limit processing to only one request per connection. After the server processes the client's request and receives the client's response, it disconnects. In this way, transmission time can be saved.
5. Stateless: The HTTP protocol is a stateless protocol. Stateless means that the protocol has no memory capability for transaction processing. The lack of state means that if previous information is required for subsequent processing, it must be retransmitted, potentially resulting in an increased amount of data transferred per connection. On the other hand, the server responds faster when it does not need the previous information.

URL of HTTP protocol

An HTTP URL (a URL is a special type of URI that contains enough information to find a resource) has the following format:
http://host[":"port][abs_path]
http indicates that network resources are to be located using the HTTP protocol; host is a legal Internet host domain name or IP address; port specifies a port number, and if it is empty the default port 80 is used; abs_path specifies the URI of the requested resource. If abs_path is not given in the URL, then when the URL is used as a request URI it must be given in the form of "/"; the browser usually does this for us automatically.
For example:
1. Input: www.aaa.com.cn and the browser will automatically convert it to: http://www.aaa.com.cn/
2. http://192.168.0.116:8080/index.jsp

HTTP protocol request

An HTTP request message consists of four parts: request line, request header, blank line and request data. The following figure shows the general format of the request message.

Request line

The request line is divided into three parts: request method, request address, and protocol version.

Request method

There are 8 request methods defined by HTTP/1.1: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, TRACE.
The two most common are GET and POST. If it is a RESTful interface, GET, POST, DELETE, and PUT are generally used.
GET: Request to obtain the resource identified by the Request-URI
POST: Append new data to the resource identified by the Request-URI
HEAD: Request to obtain the response header of the resource identified by the Request-URI
PUT: Request that the server store a resource and use the Request-URI as its identifier
DELETE: Request that the server delete the resource identified by the Request-URI
TRACE: Request that the server send back the received request information, mainly for testing or diagnosis
CONNECT: Reserved for future use
OPTIONS: Request to query the capabilities of the server, or to query resource-related options and requirements

Request address

URL: Uniform Resource Locator, an abstract and unique way of identifying the location of a resource.
Composition: <protocol>://<host>:<port>/<path>
The port and path can sometimes be omitted (the default port number for HTTP is 80).

Request header

The request header adds some additional information to the request message. It consists of "name/value" pairs, one pair per line, with the name and value separated by a colon.
Common request headers are as follows:
There will be a blank line at the end of the request header, indicating the end of the request header, followed by the request data. This line is very important and essential.

Protocol version

The format of the protocol version is: HTTP/<major version number>.<minor version number>. HTTP/1.0 and HTTP/1.1 are commonly used.

Request data

This part is optional; a GET request, for example, has no request data (because it is written in the URL).
Here is a request message for the POST method:

POST /index.php HTTP/1.1    (request line)
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2    (request headers)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://localhost/
Content-Length: 25
Content-Type: application/x-www-form-urlencoded

username=aa&password=1234    (request data)
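
As an added example (not part of the original article), the Python code below splits a request like the one above into the four parts just described and reports which form fields anyone capturing the traffic could read when it is sent over plain HTTP. The capture is constructed from the POST message above with the annotations removed and fewer headers; the function names and the SENSITIVE list are assumptions of the example.

```python
from urllib.parse import parse_qs

# Constructed capture modelled on the POST above; CRLF line endings as on the wire.
CAPTURED = (
    b"POST /index.php HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"Content-Length: 25\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"username=aa&password=1234"
)
SENSITIVE = {"password", "passwd", "pwd", "cardnumber", "cvv", "token"}  # assumed field names

def parse_request(raw: bytes) -> dict:
    """Split an HTTP/1.x request into request line, headers and body."""
    head, blank, rest = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line: the header section never ends")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()  # header names are case-insensitive
    length = int(headers.get("content-length", "0"))
    if length < 0 or length > len(rest):
        raise ValueError("Content-Length does not fit the captured body")
    return {"method": parts[0], "target": parts[1], "version": parts[2],
            "headers": headers, "body": rest[:length]}

def cleartext_fields(request: dict) -> list:
    """Sensitive form fields readable by anyone who captures this plain-HTTP request."""
    ctype = request["headers"].get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return []
    fields = parse_qs(request["body"].decode("utf-8", "replace"), keep_blank_values=True)
    return sorted(name for name in fields if name.lower() in SENSITIVE)

if __name__ == "__main__":
    req = parse_request(CAPTURED)
    print(req["method"], req["target"], req["version"], cleartext_fields(req))
```
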
