A First Look at HTTP and HTTPS

<Growth notes from the front-end kindergarten beginners' class. For any mistakes and shortcomings, I hope the experts will offer criticism and advice. Thank you!>

HTTP/80

Hypertext Transfer Protocol: a stateless application-layer protocol based on requests and responses; its data is usually carried over TCP/IP

Objective: HTTP was designed to provide a way to publish and receive HTML pages

  1. HTTP Features:

    • Stateless: the protocol stores no state for a client, so on its own a client visiting a website would have to log in again and again

    • Connectionless: without HTTP/1.1 persistent connections, and because the protocol is stateless, each request goes through the TCP three-way handshake and four-way wave, re-establishing the connection with the server [when the same resource is requested repeatedly within a short time, the server cannot tell whether it has already responded to that user's request]

    • Request/response: the client sends a request and the server responds

    • Simple and fast

    • Plaintext communication: requests and responses do not verify the communicating party, and the integrity of the data cannot be protected

  2. Strategies for working around statelessness:

    • Cookie / session technology

    • HTTP/1.1 persistent connections: the request header field Connection: keep-alive indicates that a persistent connection is used

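  3. TCP

    • The transport layer establishes a connection to the server with the TCP three-way handshake and releases it with the four-way wave

    • TCP three-way handshake:

      1. The client sends a connection request to the server

      2. The server receives the request and responds to the client, agreeing to establish the connection

      3. The client receives the server's response and confirms that the connection is established

      Without the "three-way handshake", the connection would be established as soon as the server sent its response agreeing to it. Suppose the connection request that arrived had been held up at a network node for a long time and only reached the server after the connection had already been released. The client would not acknowledge the server's response and would not send any data, but the server would consider the connection established and keep waiting for the client to send data, wasting server resources

    • TCP four-way wave:

      1. The client sends a FIN packet to the server, shutting down data transfer from the client to the server

      2. The server receives the FIN and responds with an ACK

      3. The server sends a FIN to the client, closing the server-to-client connection

      4. The client returns an ACK to acknowledge it

      Put simply:

      1) c tells s: I'm full

      2) s replies to c: I know you're full

      3) s tells c: I'm full too

      4) c says to s: then let's pay the bill and go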

  4. How HTTP works:

    • The user enters a URL in the client and navigates to it

    • Check the application cache

      1. Local cache [checked first]

      2. Proxy cache [checked next]

    • DNS resolution: the DNS server is queried to get the IP address

    • The server listens on port 80 for client requests

    • A connection to the port is established over TCP/IP (this can be done with a Socket)

    • The client sends a request

    • The server responds

    • The TCP connection is released with the four-way wave
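
The two workarounds for statelessness listed in item 2 (cookie/session and Connection: keep-alive) can be observed against a loopback server. This is an added example, not code from the original post; the `sid` cookie name, the visit counter and `run_demo` are assumptions made for the illustration.

```python
import http.client
import secrets
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SESSIONS = {}     # server-side state: session id -> visit count
CONNECTIONS = []  # one entry per accepted TCP connection

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # needed for persistent connections

    def setup(self):  # runs once per TCP connection, not per request
        CONNECTIONS.append(self.client_address)
        super().setup()

    def do_GET(self):
        cookie = SimpleCookie(self.headers.get("Cookie", "")).get("sid")
        sid = cookie.value if cookie is not None else None
        if sid not in SESSIONS:  # no valid cookie: the server sees a stranger
            sid = secrets.token_hex(16)
        SESSIONS[sid] = SESSIONS.get(sid, 0) + 1
        body = f"visit {SESSIONS[sid]}".encode()
        self.send_response(200)
        self.send_header("Set-Cookie", f"sid={sid}; HttpOnly; SameSite=Lax")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def run_demo(n, keep_alive, send_cookie):
    """Send n GETs to a loopback server; return (bodies, TCP connections used)."""
    first = len(CONNECTIONS)
    headers, bodies = {"Connection": "keep-alive" if keep_alive else "close"}, []
    with ThreadingHTTPServer(("127.0.0.1", 0), Handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        conn = http.client.HTTPConnection(*server.server_address)
        for _ in range(n):
            conn.request("GET", "/", headers=headers)
            resp = conn.getresponse()
            bodies.append(resp.read().decode())
            if send_cookie:  # send the session cookie back, as a browser would
                headers["Cookie"] = resp.getheader("Set-Cookie").split(";")[0]
            if not keep_alive:
                conn.close()  # the next request() opens a new TCP connection
        conn.close()
        server.shutdown()
    return bodies, len(CONNECTIONS) - first
```

`run_demo(3, keep_alive=True, send_cookie=True)` returns visits 1 to 3 over one TCP connection, while `run_demo(3, keep_alive=False, send_cookie=False)` returns "visit 1" three times over three connections. Over plain HTTP the `sid` cookie travels in plaintext, so anyone on the path can read it; a session cookie served over HTTPS should also carry the `Secure` attribute.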

     

HTTPS/443

HTTPS (Hypertext Transfer Protocol Secure) is a transport protocol for secure communication over a computer network. It communicates via HTTP and uses SSL/TLS to establish a secure channel that encrypts the data and verifies the other party's identity and the integrity of the data

HTTP + SSL/TLS: a secure channel is established and the data packets are encrypted

Objective: To provide authentication for Web servers, while protecting the privacy and integrity of the data exchanged

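  1. HTTPS Features:

    • Content encryption: hybrid encryption is used, so parties in the middle cannot view the plaintext content directly

      Hybrid encryption: combines asymmetric and symmetric encryption

      1) The client generates a secret key using symmetric encryption and encrypts the transmitted data with it

      2) The secret key is then encrypted with the public key of the asymmetric encryption

      -> What travels over the network is the ciphertext encrypted with the secret key, plus the secret key encrypted with the public key. Even if it is intercepted, without the private key the secret key that encrypts the plaintext cannot be recovered, and so neither can the plaintext data

    • Authentication: the certificate lets the client verify that it is accessing the intended server

    • Data integrity protection: prevents the transmitted content from being impersonated or tampered with by an intermediary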

  2. How HTTPS works

    1. The client sends a request to the server, connecting to port 443 on the server

    2. The server must have a digital certificate

      • Self-made: the client has to validate and accept it

      • Applied for from an organization: a trusted certificate does not trigger a pop-up warning page

    3. Transfer the certificate (public key)

    4. The client parses the certificate

      • Done by the client's TLS layer, which verifies whether the public key is valid

      • Generates a random value (the secret key), then encrypts the random value with the certificate (public key)

    5. Transmit the encrypted information

      • What is transmitted is the secret key encrypted with the certificate

    6. The server decrypts the information

      • The server decrypts the secret key with its private key, then symmetrically encrypts the content with that value

    7. Transmit the encrypted information

      • This is the information encrypted by the server, which the client can recover

    8. The client decrypts the information

      • The client uses the secret key it generated earlier to decrypt the information sent by the server

  3. HTTPS drawbacks:

    • SSL certificates cost money to purchase

    • HTTPS extends page load time by 50% and increases power consumption by 10% to 20%

    • HTTPS connections are cached less efficiently than HTTP, and traffic costs are higher

    • HTTPS connections consume far more server-side resources, so supporting sites with many visitors requires a larger investment
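
The hybrid encryption described under HTTPS Features, and the exchange in the implementation steps (client generates a random value, encrypts it with the certificate's public key, server recovers it with the private key, both sides then encrypt symmetrically), sketched with the Python standard library only. This is an added example, not code from the original post: textbook RSA on two fixed Mersenne primes and a SHA-256 keystream with an HMAC tag are toy stand-ins for the real public-key and symmetric algorithms, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy server key pair (two Mersenne primes); far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                          # public modulus, published in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server

def derive_keys(secret):
    """Split the shared secret into separate encryption and MAC keys."""
    return [hashlib.sha256(secret + label).digest() for label in (b"enc", b"mac")]

def xor_stream(key, nonce, data):
    """XOR data with a SHA-256 counter keystream (toy stand-in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(secret, plaintext):
    """Symmetric encryption with the secret key, plus an integrity tag."""
    enc_key, mac_key = derive_keys(secret)
    nonce = secrets.token_bytes(12)
    ct = xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(secret, blob):
    """Verify the tag, then decrypt with the same secret key."""
    enc_key, mac_key = derive_keys(secret)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return xor_stream(enc_key, nonce, ct)

def client_wrap_secret(n, e):
    """Client: generate the random value and encrypt it with the public key."""
    secret = secrets.token_bytes(16)
    return secret, pow(int.from_bytes(secret, "big"), e, n)

def server_unwrap_secret(wrapped):
    """Server: recover the random value with the private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

if __name__ == "__main__":
    secret, wrapped = client_wrap_secret(N, E)
    reply = seal(server_unwrap_secret(wrapped), b"HTTP/1.1 200 OK")
    print(unseal(secret, reply))
```

An observer on the network sees only `wrapped` and the sealed blob, and a modified blob is rejected by `unseal`. TLS 1.3 no longer transports the secret under the server's RSA key and uses ephemeral Diffie-Hellman instead, but the division of labor is the same: a public-key step to agree on a secret, then symmetric encryption with an integrity check for the traffic.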

SSL/TLS

SSL: Secure Sockets Layer

TLS: Transport Layer Security, a security protocol at the transport layer that provides confidentiality and data integrity between two communicating applications

Both are security protocols that provide security and data integrity for network communication by encrypting the network connection at the transport layer

  1. Properties of the secure channel provided by the SSL protocol:

    • Confidentiality: the SSL protocol uses keys to encrypt the communication data

    • Reliability: the server and client are authenticated; client authentication is optional

    • Integrity: the SSL protocol performs integrity checks on the transmitted data

Reference link: https://blog.csdn.net/xiaoming100001/article/details/81109617


Origin www.cnblogs.com/carrot-cc/p/11073324.html