HTTP and HTTPS protocol

HTTP protocol

Communication protocol: the form in which the server and the client exchange data.

How HTTP works: HTTP operates on a client-server architecture. The browser, acting as the HTTP client, sends a request via a URL to the HTTP server, that is, the web server. The web server then sends the response information back to the client according to the request it received.

Four points to note

  • HTTP allows any type of data object to be transmitted. The type being transmitted is indicated by Content-Type.
  • HTTP is connectionless: connectionless means that each connection is limited to handling one request. After the server has processed the client's request and received the client's acknowledgement, it disconnects. This saves transmission time.
  • HTTP is media-independent: as long as the client and the server know how to handle the data content, any type of data can be sent via HTTP. The client and server specify the appropriate MIME content type.
  • HTTP is stateless: a stateless protocol has no memory of earlier transactions. If later processing needs information from an earlier exchange, that information must be retransmitted, which may increase the amount of data sent per connection. On the other hand, the server responds faster when it does not need the earlier information.

The HTTP URL

HTTP uses Uniform Resource Identifiers (URIs) to transmit data and establish connections. A URL is a special type of URI that contains enough information to locate a resource. URL stands for Uniform Resource Locator; it identifies the address of a resource on the Internet. Taking the following URL as an example, these are the parts that make up an ordinary URL:

http://www.aspxfans.com:8080/news/index.asp?boardID=5&ID=24618&page=1#name

As can be seen from the above URL, a full URL includes the following sections:

  • Protocol part: the protocol part of this URL is http:, which indicates that the page is served over HTTP. Many protocols can be used on the Internet, such as HTTP and FTP; this example uses HTTP. The // after http: is a delimiter.
  • Domain name part: the domain name part of this URL is www.aspxfans.com. An IP address can also be used in place of the domain name.
  • Port part: the port follows the domain name, with : as the separator between them. The port is not a mandatory part of the URL; if it is omitted, the default port is used.
  • Virtual directory part: from the first / after the domain name to the last / is the virtual directory part. The virtual directory is not a required part of the URL. In this example the virtual directory is /news/.
  • File name part: from after the last / to the ? is the file name part. If there is no ?, it runs from after the last / to the #; if there is neither ? nor #, it runs from after the last / to the end. In this example the file name is index.asp. The file name is not a required part of the URL; if it is omitted, the default file name is used.
  • Anchor part: from the # to the end is the anchor part. In this example the anchor is name. The anchor is not a required part of the URL.
  • Parameter part: from after the ? up to the # is the parameter part, also called the search part or query part. In this example the parameters are boardID=5&ID=24618&page=1. Multiple parameters are allowed, separated from each other by &.
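An added example (not from the original post) that splits the sample URL into the parts listed above with Python's urllib.parse. The split_url helper, the default-port table and the second, port-less URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Well-known default ports, used when the URL omits the port part.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def split_url(url):
    """Split a URL into the parts named in the list above."""
    u = urlsplit(url)
    # Everything up to and including the last "/" is the virtual directory;
    # whatever follows it is the file name (possibly empty).
    directory, _, filename = u.path.rpartition("/")
    return {
        "protocol": u.scheme,
        "domain": u.hostname,
        "port": u.port or DEFAULT_PORTS.get(u.scheme),
        "port_explicit": u.port is not None,
        "virtual_directory": directory + "/" if u.path else "",
        "file_name": filename,
        "parameters": parse_qsl(u.query, keep_blank_values=True),
        "anchor": u.fragment,
    }

if __name__ == "__main__":
    sample = ("http://www.aspxfans.com:8080/news/index.asp"
              "?boardID=5&ID=24618&page=1#name")
    for name, value in split_url(sample).items():
        print(f"{name:18} {value}")
    # Constructed URL with the optional parts left out.
    print(split_url("http://192.0.2.10/news/"))
```

The anchor is handled by the client and is not sent to the server in the request, so server-side logs and access checks only ever see the parts before the #.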

HTTP Request

The HTTP request message that the client sends to the server includes the following components:

  • Header: usually called the request headers. The request headers hold the main descriptive information about the request, and the server uses them to obtain information about the client.

    • Common request headers:

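      Accept: the browser uses this header to tell the server which data types it supports
      Accept-Charset: the browser uses this header to tell the server which character sets it supports
      Accept-Encoding: the browser uses this header to tell the server which compression formats it supports
      Accept-Language: the browser uses this header to tell the server its language environment
      Host: the browser uses this header to tell the server which host it wants to access
      If-Modified-Since: the browser uses this header to tell the server the time of its cached data
      Referer: the browser uses this header to tell the server which page the client came from (used for hotlink protection)
      Connection: the browser uses this header to tell the server whether to close the connection or keep it open after the request completes   ★★★
      X-Requested-With: XMLHttpRequest means the request was made via Ajax
      User-Agent: the identity of the client making the request    ★★★
  • Message body: usually called the request body. It holds the data to be transmitted to the server.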

HTTP Response

The HTTP response message that the server returns to the client includes the following components:

  • Status code: tells the client, in clear and unambiguous terms, the result of processing this request. HTTP response status codes fall into five classes:

    • 1xx: usually tells the client that the request has been received and is being processed
    • 2xx: success; generally indicates that the request has been received, understood, accepted and processed
    • 3xx: redirection elsewhere; the client issues a further request to complete the whole process
    • 4xx: an error occurred during processing and the client is responsible, for example the client requested a resource that does not exist, the client is not authorized, or access is forbidden
    • 5xx: an error occurred during processing and the server is responsible, for example the server threw an exception, a routing error occurred, or the HTTP version is not supported
  • Response headers: details of the response. Common response headers include:

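    Location: the server uses this header to tell the browser where to redirect to
    Server: the server uses this header to tell the browser the server's type
    Content-Encoding: the server uses this header to tell the browser the compression format of the data
    Content-Length: the server uses this header to tell the browser the length of the returned data
    Content-Language: the server uses this header to tell the browser the language environment
    Content-Type: the server uses this header to tell the browser the type of the returned data    ★★★
    Refresh: the server uses this header to tell the browser to refresh on a timer
    Content-Disposition: the server uses this header to tell the browser to open the data as a download
    Transfer-Encoding: the server uses this header to tell the browser that the data is sent back in chunks
    Expires: -1 tells the browser not to cache
    Cache-Control: no-cache
    Pragma: no-cache
  • Response body: the data the server sends to the client, as specified by the client's request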
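As an added illustration (not code from the original post), a minimal strict parser for the request and response layout described above. The names parse_message and status_class and both sample messages are constructed for this example, and only bodies delimited by Content-Length are handled.

```python
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

def parse_message(raw: bytes):
    """Split a raw HTTP/1.x message into start line, headers and body."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Be strict: a header needs a colon and a name without stray spaces.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive, so store them lower-cased.
        headers[name.lower()] = value.strip()
    # Only the bytes announced by Content-Length belong to the body.
    length = int(headers.get("content-length", "0"))
    return lines[0], headers, rest[:length]

def status_class(status_line: str) -> str:
    """Map a response status line to one of the five classes."""
    code = int(status_line.split(" ", 2)[1])
    return STATUS_CLASSES[code // 100]

# Constructed sample messages (not captured traffic).
REQUEST = (b"GET /news/index.asp?page=1 HTTP/1.1\r\n"
           b"Host: www.aspxfans.com:8080\r\n"
           b"user-agent: example-client/1.0\r\n"
           b"Connection: keep-alive\r\n\r\n")
RESPONSE = (b"HTTP/1.1 404 Not Found\r\n"
            b"Content-Type: text/html; charset=utf-8\r\n"
            b"Content-Length: 9\r\n\r\n"
            b"Not foundEXTRA")

if __name__ == "__main__":
    print(parse_message(REQUEST))
    start, headers, body = parse_message(RESPONSE)
    print(status_class(start), headers["content-type"], body)
```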

HTTPS protocol

Concept: HTTPS (Secure Hypertext Transfer Protocol) is the secure hypertext transfer protocol. HTTPS adds an SSL encryption layer on top of HTTP and encrypts the data being transmitted; it is the secure version of the HTTP protocol.

Encryption techniques used by HTTPS

SSL encryption

The encryption technique SSL uses is called "shared key encryption", also known as "symmetric key encryption". It works like this: when the client sends a message to the server, the client first encrypts the information with a known algorithm, such as MD5 or Base64 encryption. The receiving end needs a key to decrypt the encrypted information, so the key is passed along in transit (the same key is used for encryption and decryption), and the key itself is encrypted during transmission. This approach looks safe, but it still carries a latent danger: once the traffic is eavesdropped on or the information is hijacked, it is possible to crack the key and then decrypt the information. "Shared key encryption" therefore carries a security risk.

Asymmetric key encryption

"Asymmetric encryption" uses two keys: one called the "private key" and one called the "public key". With asymmetric encryption, the server first tells the client to encrypt with the public key that the server provides. After the client has encrypted with the public key, the server receives the information and decrypts it with its own private key. The benefit is that the decryption key is never transmitted, which avoids the risk of it being hijacked. Even if an eavesdropper obtains the public key, decryption is difficult, because the decryption process requires evaluating a discrete logarithm, which is not easy to do.

[Figure: schematic of asymmetric encryption]

However, asymmetric key encryption has the following disadvantages:

  • First: when the receiving end sends its public key to the sending end, how can the sending end be sure that the key it receives is the one that was meant to be sent, and that it has not been hijacked? Whenever a key is sent, there is a risk of it being hijacked.
  • Second: asymmetric encryption is relatively inefficient and more complicated to process, which has some impact on communication speed and efficiency.

HTTPS certificate mechanism

Above we discussed the shortcomings of asymmetric encryption. The first is that the public key may be hijacked, so there is no guarantee that the public key the client receives is the one the server issued. This is what the public key certificate mechanism addresses. A certificate authority is a third party that both the client and the server trust. The certificate process works as follows:

  • 1: The server's developer takes the public key and applies to the certificate authority. After the certificate authority has verified the applicant's identity and approved the application, it digitally signs the developer's public key, then issues the signed public key, placing the key inside the certificate so that the two are bound together.
  • 2: The server sends this digital certificate to the client. Because the client also trusts the certificate authority, it can use the digital signature in the certificate to verify the authenticity of the public key and make sure that the public key sent by the server is genuine. In general a certificate's digital signature is very hard to forge; this depends on the credibility of the certificate authority. Once the information has been confirmed as correct, the client encrypts its message with the public key and sends it, and the server decrypts it with its own private key after receiving it.
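An added example (not from the original post) covering both the public-key encryption passage and the two certificate steps above. Textbook RSA with small fixed primes stands in for the asymmetric algorithm and is not secure; all function names and the host name www.example.test are hypothetical.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private) -> int:
    d, n = private
    return pow(digest(data, n), d, n)

def verify(data: bytes, signature: int, public) -> bool:
    e, n = public
    return pow(signature, e, n) == digest(data, n)

def encrypt(message: bytes, public) -> int:
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(cipher: int, private) -> bytes:
    d, n = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Fixed Mersenne primes keep the example deterministic; they are far too
# small and too well known for real use.
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
SRV_PUB, SRV_PRIV = make_key(2**107 - 1, 2**127 - 1)

def issue_certificate(subject: str, public, ca_private):
    """Step 1: the CA binds a subject name to a public key by signing both."""
    body = f"{subject}|{public[0]}|{public[1]}".encode()
    return {"subject": subject, "public": public, "signature": sign(body, ca_private)}

def check_certificate(cert, ca_public) -> bool:
    """Step 2: the client verifies the CA's signature over name and key."""
    body = f"{cert['subject']}|{cert['public'][0]}|{cert['public'][1]}".encode()
    return verify(body, cert["signature"], ca_public)

if __name__ == "__main__":
    cert = issue_certificate("www.example.test", SRV_PUB, CA_PRIV)
    swapped = dict(cert, public=CA_PUB)  # public key replaced in transit
    print(check_certificate(cert, CA_PUB), check_certificate(swapped, CA_PUB))
    print(decrypt(encrypt(b"hello", cert["public"]), SRV_PRIV))
```

The client only encrypts to the public key after check_certificate succeeds; a certificate whose key or subject was changed after signing fails the check because the signed bytes no longer match.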


Origin www.cnblogs.com/qiuxirufeng/p/11144858.html