HTTP, HTTPS request process

The process of an HTTP request:

  1. Establish a connection: The client establishes a connection with the server through a TCP three-way handshake.
  2. Send request: The client sends an HTTP request message to the server, which includes information such as request method, URL, protocol version, request header, and request body.
  3. Server processing request: The server accepts and parses the request message sent by the client, and invokes the corresponding resource for processing.
  4. The server returns a response: the server returns an HTTP response message to the client, and the message includes information such as a status line, a response header, and a response body.
  5. The client receives the response: the client receives the response message returned by the server, parses and processes the message, and displays the response result or performs other operations as required.
  6. Disconnect: When all the data has been transferred, the TCP connection between the client and the server is closed.

It should be noted that HTTP is a stateless protocol, which means that each request is independent, and the server will not save any information about the client. If you need to keep the client state, you can use Cookie technology to achieve.

The basic process of an HTTPS request:

  1. The client sends an HTTPS request to the server.
  2. The server sends its own public key to the client in the form of a digital certificate.
  3. After the client receives the digital certificate, it will use the built-in CA certificate to verify the identity of the server and extract the server's public key.
  4. The client generates a random number and encrypts that random number with the server's public key. This way, only the server can decrypt the nonce.
  5. The client sends the encrypted random number to the server.
  6. The server uses its own private key to decrypt the encrypted random number to obtain the random number sent by the client.
  7. The server uses the random number sent by the client and the random number generated by the server to jointly generate a key, which is used to encrypt subsequent HTTP communications.
  8. The server encrypts the HTTP response content using the generated key, and returns the encrypted HTTP response to the client.
  9. The client uses the previously generated random number and the key generated by the server to decrypt the HTTP response and get the final HTTP response.

Through the above steps, the HTTPS protocol provides a security protection mechanism, so that the communication between the client and the server will not be eavesdropped, tampered or forged.

Guess you like