Hypertext Transfer Protocol: a request/response based, stateless application layer protocol; its data is usually carried over TCP/IP
Objective: designed to provide a way to publish and receive HTML pages
HTTP Features:
Stateless: the protocol stores no state for a client, so accessing a Web site would require repeating the login operation
Connectionless: in HTTP/1.1, because of the stateless nature, every request goes through a TCP three-way handshake and four-way wave, and the server re-establishes the connection each time [when the same resource is requested repeatedly within a short time, the server cannot tell whether the user has already requested it]
Client sends a request, server responds: the response is based on the request
Simple and fast
Communicates in plaintext, does not verify the identity of the communicating party, and cannot prove the integrity of requests and responses, so the data cannot be protected
Strategies for the stateless feature:
Cookie / session technology
HTTP/1.1 persistent connection: the request header field
Connection: keep-alive
indicates that a persistent TCP connection is used
At the transport layer the connection to the server is established by the TCP three-way handshake and released by the four-way wave
TCP three-way handshake:
The client sends a connection request to the server
The server receives the request and responds to the client, agreeing to establish the connection
The client receives the server's response and confirms that the connection is established
Without the "three-way handshake", the connection would be established as soon as the server sent a response agreeing to connect. If a connection request sent earlier had been held up at a network node for a long time, so that it only reached the server after the connection had been released, the client would neither acknowledge the server's response nor send data to the server, but the server would consider the connection established and keep waiting for client data, wasting server resources
TCP fourth wave:
The client sends a FIN packet to the server, closing data transfer from the client to the server
The server receives the FIN and responds with an ACK
The server sends a FIN to the client, closing the server-to-client connection
The client returns an acknowledgment ACK
Simple way to understand it:
1) c tells s: I'm full
2) s replies to c: I know you're full
3) s tells c: I'm full too
4) c and s say: then let's pay the bill and go
HTTP principle (request flow):
The client enters the URL and navigates
Check the application cache
Local cache [checked first]
Proxy cache [checked next]
DNS resolution: obtain the IP address from the DNS server
The server listens on port 80 for client requests
A connection to that port is established over TCP/IP (can be implemented with sockets)
The client sends the request
The server responds
The TCP connection is released by the four-way wave
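To make the flow above and the keep-alive point concrete, here is an added example (not code from the original notes): it starts a throwaway local HTTP/1.1 server, opens a single TCP connection, sends two raw requests with Connection: keep-alive on that one connection, and counts how many TCP connections the server actually accepted. Paths, server name and response text are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// TwoRequestsOneConnection starts a local HTTP/1.1 server, opens ONE TCP
// connection to it and sends two requests with "Connection: keep-alive", so
// both responses arrive over that same connection. It returns the status
// codes received and how many TCP connections the server accepted.
func TwoRequestsOneConnection() (codes []int, conns int, err error) {
	var accepted atomic.Int32
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello from %s", r.URL.Path) // constructed response body
	}))
	srv.Config.ConnState = func(_ net.Conn, s http.ConnState) {
		if s == http.StateNew { // one StateNew per completed TCP handshake
			accepted.Add(1)
		}
	}
	srv.Start()
	defer srv.Close()

	host := srv.Listener.Addr().String()
	conn, err := net.Dial("tcp", host) // TCP three-way handshake happens here
	if err != nil {
		return nil, 0, err
	}
	defer conn.Close() // FIN/ACK exchange (four-way wave) when the function returns
	rd := bufio.NewReader(conn)
	for _, path := range []string{"/first", "/second"} {
		fmt.Fprintf(conn, "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n\r\n", path, host)
		resp, err := http.ReadResponse(rd, nil)
		if err != nil {
			return nil, 0, err
		}
		io.Copy(io.Discard, resp.Body) // drain the body so rd is positioned at the next response
		resp.Body.Close()
		codes = append(codes, resp.StatusCode)
	}
	return codes, int(accepted.Load()), nil
}
```

Both requests return 200 and the server reports exactly one accepted connection, which is the handshake cost that keep-alive saves compared with one connection per request.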
HTTPS/443
HTTPS (secure hypertext transfer protocol) is a transport protocol for secure communication over a computer network: it communicates via HTTP and uses SSL/TLS to establish a secure channel, encrypt the data, and verify the other party's identity and the data's integrity
HTTPS = HTTP + SSL/TLS (establishes a secure channel and encrypts the data packets)
Objective: to provide authentication of the Web server while protecting the privacy and integrity of the exchanged data
HTTPS Features:
Content encryption: uses hybrid encryption, so an intermediary cannot view the plaintext content directly
Hybrid encryption: combines asymmetric and symmetric encryption
1) The client generates a symmetric key and uses it to encrypt the data being transmitted
2) The public key of the asymmetric pair is then used to encrypt that symmetric key
-> What travels over the network is the ciphertext encrypted with the symmetric key plus the symmetric key encrypted with the public key; even if it is intercepted, without the private key the symmetric key that encrypted the plaintext cannot be recovered, so the plaintext cannot be obtained
Authentication: the client verifies through the certificate that it is accessing the genuine server
Data integrity protection: prevents the transmitted content from being tampered with or impersonated by an intermediary
HTTPS implementation principle:
The client sends a request to the server and connects to the server's port 443
The server must have a digital certificate
Self-made: it must pass validation on the client side
Applied for from an organization: a trusted certificate does not cause a warning page to pop up
The certificate (public key) is transferred
The client parses the certificate
Done by the client's TLS implementation, which verifies that the public key is valid
It generates a random value (secret key) and encrypts that random value with the certificate (public key)
The encrypted information is transmitted
The secret key encrypted with the certificate is sent to the server
The server decrypts the information
The server uses its private key to decrypt the secret key, then uses that value to symmetrically encrypt the content
The encrypted information is transmitted
This information was encrypted by the server with the secret key it just recovered, so the client can restore it
The client decrypts the information
The client uses the secret key (random value) it generated earlier to decrypt the information sent over by the server
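The certificate step of the sequence above (self-made certificate must pass client-side validation, trusted certificate does not) demonstrated as an added example that is not part of the original notes: an in-process TLS client and server talk over net.Pipe, and the only difference between the two runs is whether the client explicitly trusts the self-signed certificate. The certificate, its name "example-server" and the function names are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway certificate for the constructed name "example-server".
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"example-server"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// Handshake runs a TLS handshake over net.Pipe. trust=true pins the server certificate
// as a root (self-made certificate validated by the client); trust=false keeps only the
// system roots, so the client rejects the certificate and never agrees a session key.
func Handshake(trust bool) error {
	cert, err := selfSignedCert()
	if err != nil {
		return err
	}
	srvConn, cliConn := net.Pipe()
	defer func() { srvConn.Close(); cliConn.Close() }()
	go tls.Server(srvConn, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
	cfg := &tls.Config{ServerName: "example-server"} // name checked against the certificate
	if trust {
		cfg.RootCAs = x509.NewCertPool()
		cfg.RootCAs.AddCert(cert.Leaf)
	}
	return tls.Client(cliConn, cfg).Handshake() // verifies the chain, then does the key exchange
}
```

Handshake(true) completes; Handshake(false) returns an unknown-authority error, which is the same check a browser performs before it shows a warning page.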
HTTPS drawbacks:
SSL certificate purchase cost
The HTTPS handshake is time-consuming: page load time is extended by nearly 50%, and power consumption rises by 10% to 20%
HTTPS connection caching is less efficient than HTTP's, increasing data overhead and traffic cost
HTTPS consumes far more server-side resources; supporting more site visitors requires a larger investment
SSL/TLS
SSL: Secure Sockets Layer
TLS: Transport Layer Security, an encryption protocol at the transport layer; a secure transport layer protocol used to provide privacy and data integrity between two communicating applications
A security protocol that provides data integrity and security for network communication by encrypting the transport-layer network connection
SSL security protocol provides the channel characteristics:
Confidentiality: the SSL protocol uses a key to encrypt the communication data
Reliability: server and client are authenticated; client authentication is optional
Integrity: the SSL protocol checks the integrity of the transmitted data
Reference: https://blog.csdn.net/xiaoming100001/article/details/81109617