1. The difference between https and http
1. Different security
http is a simple request-response protocol; it is stateless and transmits everything in clear text.
https is http carried over the SSL/TLS protocol, which makes the transmission encrypted.
If a website uses plain http, nothing is encrypted, so the traffic is extremely easy to intercept with a man-in-the-middle attack, and users' personal privacy and other sensitive data are easily leaked.
With https, the SSL protocol encrypts the data exchanged between the website and the client before it is transmitted, so the data cannot be read in transit.
2. Response speed
Theoretically, http responds faster: http only needs the TCP three-way handshake, that is, three packets, to establish a connection, while https needs the SSL handshake on top of the three-way handshake, for a total of 12 packets.
3. Port
http and https use two completely different connection methods: the former uses port 80 by default and the latter uses port 443.
4. Consuming resources
https is http built on top of SSL, so https consumes more server resources.
5. Display method
Because http is an unencrypted protocol, the major browser vendors have begun to favour https sites. For example, Google Chrome marks an http site as "unsafe", while the major browsers mark an https site with a green security lock. If the website is equipped with an enhanced SSL certificate, the address bar also changes to the "green address bar".
6. Fees vary
For https, an SSL certificate must be purchased and configured for the website, which incurs a certain fee.
2. Three handshakes, four waves
Full names of the abbreviations used in the explanation below:
- seq: sequence number
- ack: acknowledgment number
- flag bits:
  - SYN: synchronization
  - ACK: acknowledgment
  - FIN: finish
1. Three-way handshake
The three-way handshake (Three-way Handshake) means that when establishing a TCP connection, the client and the server send a total of 3 packets. Its main purpose is to confirm that both parties can send and receive normally, and to announce each side's initial sequence number so that subsequent transmission can be reliable. In essence it connects to the specified port of the server, establishes the TCP connection, synchronizes the sequence numbers and acknowledgment numbers of both parties, and exchanges TCP window size information.
- The first handshake: the client sends a SYN segment to the server carrying the client's initial sequence number ISN. The client is now in the SYN_SENT state. In the header the synchronization bit is SYN=1 and the initial sequence number is seq=x; a segment with SYN=1 cannot carry data, but it consumes one sequence number.
- The second handshake: after receiving the client's SYN, the server replies with its own SYN segment carrying its own initial sequence number ISN(s), and sets the ACK value to the client's ISN + 1 to show that it received the client's SYN. The server is now in the SYN_RCVD state. In this confirmation segment SYN=1, ACK=1, the acknowledgment number is ack=x+1 and the initial sequence number is seq=y.
- The third handshake: after receiving the server's SYN, the client sends an ACK segment, again using the server's ISN + 1 as the ACK value to show that it received the server's SYN. The client is now in the ESTABLISHED state, and once the server receives this ACK it is also in the ESTABLISHED state; the connection is established. In this confirmation segment ACK=1, the acknowledgment number is ack=y+1 and the sequence number is seq=x+1 (the initial number was x and the SYN consumed one, so the client's second segment is +1). An ACK segment may carry data; if it carries no data, it does not consume a sequence number.
2. Four waves
Establishing a connection takes three handshakes, while terminating one takes four (this is also called the four waves). The reason is TCP's half-close: TCP allows one end of the connection to keep receiving data from the other end after it has finished sending its own.
Tearing down a TCP connection takes four packets, so it is called the four-way handshake; either the client or the server may initiate it.
- The first wave: the client sends a FIN segment carrying a sequence number. The client is now in the FIN_WAIT1 state. That is, it sends a connection-release segment (FIN=1, sequence number seq=u), stops sending data, actively closes the TCP connection, enters the FIN_WAIT1 (termination wait 1) state, and waits for the server's acknowledgment.
- The second wave: after receiving the FIN, the server sends an ACK segment whose acknowledgment number is the client's sequence number + 1, indicating that the client's segment was received. The server is now in the CLOSE_WAIT state. That is, after receiving the connection-release segment the server sends an acknowledgment segment (ACK=1, acknowledgment number ack=u+1, sequence number seq=v) and enters the CLOSE_WAIT (close wait) state. TCP is now half-closed: the direction from client to server is released. After receiving the server's acknowledgment, the client enters the FIN_WAIT2 (termination wait 2) state and waits for the server's connection-release segment.
- The third wave: if the server also wants to close, it sends a FIN segment with its own sequence number, just like the client's first wave. The server is now in the LAST_ACK state. That is, once the server has no more data to send to the client, it sends a connection-release segment (FIN=1, ACK=1, sequence number seq=w, acknowledgment number ack=u+1), enters the LAST_ACK (last acknowledgment) state, and waits for the client's acknowledgment.
- The fourth wave: after receiving the FIN, the client replies with an ACK segment whose acknowledgment number is the server's sequence number + 1. The client is now in the TIME_WAIT state; it waits a while to make sure the server enters CLOSED after receiving this ACK. Once the server receives the ACK it is in the CLOSED state. That is, after receiving the server's connection-release segment the client sends an acknowledgment segment (ACK=1, seq=u+1, ack=w+1) and enters the TIME_WAIT (time wait) state. The TCP connection is not yet released; the client enters the CLOSED state only after the time 2MSL set by the time-wait timer has elapsed.
MSL is the abbreviation of Maximum Segment Lifetime: the longest time any segment can exist on the network. After this time the segment is discarded.
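The seq/ack bookkeeping and state transitions of both the three-way handshake and the four waves above, as an added worked example (not code from the original page): a small Python model in which `Endpoint`, `simulate`, and the flag and state bookkeeping are this example's own assumptions, and the only arithmetic rule applied is the one the text states, that a SYN or FIN consumes one sequence number while a pure ACK does not.

```python
# Added example (not from the original page): a toy model of one TCP
# connection's three-way handshake and client-initiated four-way close.
# Nothing is sent on the network; the names below are this example's own.
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    snd_nxt: int                  # next seq to send; starts at the ISN
    rcv_nxt: int = 0              # next seq expected from the peer
    state: str = "CLOSED"

    def send(self, peer, state, syn=False, ack=False, fin=False,
             peer_state=None):
        """Enter `state`, deliver one segment to `peer`, then move the peer."""
        self.state = state
        seg = {"from": self.name, "SYN": syn, "ACK": ack, "FIN": fin,
               "seq": self.snd_nxt, "ack": self.rcv_nxt if ack else None}
        if syn or fin:            # a SYN or FIN occupies one sequence number
            self.snd_nxt += 1
        # the receiver will acknowledge seq+1 for a SYN/FIN; a pure ACK
        # carries no data, so it consumes nothing
        peer.rcv_nxt = seg["seq"] + (1 if syn or fin else 0)
        if peer_state:
            peer.state = peer_state
        seg["states"] = {self.name: self.state, peer.name: peer.state}
        return seg


def simulate(isn_client, isn_server):
    """Return (segments in order, final states) for one full connection."""
    c, s = Endpoint("client", isn_client), Endpoint("server", isn_server)
    segs = [
        # three-way handshake: SYN, SYN+ACK, ACK
        c.send(s, "SYN_SENT", syn=True),
        s.send(c, "SYN_RCVD", syn=True, ack=True),
        c.send(s, "ESTABLISHED", ack=True, peer_state="ESTABLISHED"),
        # four waves, client closes first; no application data in between
        c.send(s, "FIN_WAIT1", fin=True, ack=True),
        s.send(c, "CLOSE_WAIT", ack=True, peer_state="FIN_WAIT2"),
        s.send(c, "LAST_ACK", fin=True, ack=True),
        c.send(s, "TIME_WAIT", ack=True, peer_state="CLOSED"),
    ]
    c.state = "CLOSED"            # after 2*MSL; the timer is not modelled
    return segs, {c.name: c.state, s.name: s.state}
```

With x=100 and y=300 the seven segments carry (seq, ack) = (100, none), (300, 101), (101, 301), (101, 301), (301, 102), (301, 102), (102, 302), matching the x, y, u, v, w notation of the text; note that the third handshake and the first wave share seq=101 because the pure ACK consumed nothing.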