How did Two Gouzi, the coolest guy under the night sky, make HTTPS faster?

Two Gouzi is the webmaster of a little-known site. He likes to share his daily work and life through his blog and similar channels, and is determined to become the coolest guy under the night sky.

Some time ago, however, several users reported that the site would inexplicably redirect them to some other website, and that access was also a bit slow. How could the coolest guy under the night sky let his users be hijacked like that? So the site quickly enabled HTTPS. The site was now secure, but was there any way to speed up access as well? Two Gouzi once again fell into deep thought.

HSTS

Late one night, Two Gouzi started reading up on HTTPS. He looked up the HTTPS transmission process on Wikipedia: only by being familiar with the whole process could he understand how to optimize HTTPS.


Although Two Gouzi had enabled HTTPS, he could not be sure whether users were opening http:// or https:// directly. Most users simply type the site's domain name and let the browser add the protocol itself. This creates a problem: if the site forces HTTPS by answering a plain-HTTP request with a 301 or 302 redirect, that redirect is carried over HTTP and is therefore easy prey for hijacking and tampering by third parties.


Is there a better way to avoid this situation? As the saying goes, every spear has its shield; after digging deeper, Two Gouzi found that HSTS is exactly what avoids it.

HSTS (HTTP Strict Transport Security) is a web security policy promoted by the IETF (Internet Engineering Task Force). Once a site uses HSTS, users no longer need to type https:// in the address bar: the browser automatically uses HTTPS for every address on the site, which guarantees that users always reach the site over an encrypted connection and protects the data in transit.

HSTS works by letting the server control the browser's behaviour through a response header:

  1. First, add the header to the server's response (browsers only honour it when it arrives over HTTPS; on a plain-HTTP response it is ignored):
     Strict-Transport-Security: max-age=expireTime [; includeSubDomains] [; preload]
  2. Set the max-age parameter; the recommended value is at least six months.
  3. The next time the user opens the site over http://, the client performs an internal 307 redirect to https:// before any plain-HTTP request is sent.

Enabling HSTS effectively prevents such attacks, and it also eliminates the time spent on the 301/302 redirect, greatly improving both the security of the site and the user experience.
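To make the three steps above concrete, here is an added example (not code from the original post or from UPYUN) that parses a Strict-Transport-Security header, reports the policy problems a site owner should catch before deploying it, and models the browser side: an HSTS cache that only learns the header over HTTPS and rewrites http:// URLs to https:// before any plain-HTTP request leaves the client, which is the internal 307 redirect described in step 3. The six-month threshold is the article's recommendation taken as 180 days; the one-year minimum for preload is the requirement of the Chrome preload list. The host names and header values are constructed sample data.

```python
from urllib.parse import urlsplit, urlunsplit

SIX_MONTHS = 180 * 24 * 3600        # 15552000 s: the article's recommended minimum, taken as 180 days
PRELOAD_MIN_AGE = 365 * 24 * 3600   # 31536000 s: hstspreload.org also requires includeSubDomains and preload


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1). Unknown directives are
    ignored; duplicates and a missing or non-numeric max-age are reported in 'errors'."""
    out = {"max-age": None, "includeSubDomains": False, "preload": False, "errors": []}
    seen = set()
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name in seen:
            out["errors"].append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if arg.isdigit():
                out["max-age"] = int(arg)
            else:
                out["errors"].append("max-age must be a non-negative integer")
        elif name == "includesubdomains":
            out["includeSubDomains"] = True
        elif name == "preload":
            out["preload"] = True
    if "max-age" not in seen:
        out["errors"].append("max-age directive is required")
    return out


def hsts_findings(value):
    """Policy checks to run on the header before deploying it."""
    p = parse_hsts(value)
    findings = list(p["errors"])
    if p["max-age"] is not None:
        if p["max-age"] == 0:
            findings.append("max-age=0 tells browsers to forget the policy")
        elif p["max-age"] < SIX_MONTHS:
            findings.append("max-age is below six months; browsers forget the policy too quickly")
        if p["preload"]:
            if p["max-age"] < PRELOAD_MIN_AGE:
                findings.append("preload requires max-age of at least 31536000")
            if not p["includeSubDomains"]:
                findings.append("preload requires includeSubDomains")
    return findings


class HstsCache:
    """Minimal model of a browser's HSTS store: learn policies from HTTPS responses, then rewrite
    http:// URLs to https:// before any plain-HTTP request leaves the client (the internal 307)."""

    def __init__(self):
        self.entries = {}   # host -> (expiry timestamp, includeSubDomains)

    def learn(self, host, header_value, over_https, now):
        if not over_https:
            return False    # RFC 6797 section 8.1: the header is ignored on plain-HTTP responses
        p = parse_hsts(header_value)
        if p["errors"]:
            return False
        host = host.lower()
        if p["max-age"] == 0:
            self.entries.pop(host, None)
        else:
            self.entries[host] = (now + p["max-age"], p["includeSubDomains"])
        return True

    def upgrade(self, url, now):
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        host = parts.hostname.lower()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None or now >= entry[0]:
                continue            # unknown host, or the policy has expired
            if i == 0 or entry[1]:  # exact match, or a parent domain with includeSubDomains
                netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
                return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    # Constructed sample: the header the article recommends, then a browser learning it over HTTPS.
    print(hsts_findings("max-age=15552000; includeSubDomains"))
    cache = HstsCache()
    cache.learn("example.com", "max-age=15552000; includeSubDomains", over_https=True, now=0)
    print(cache.upgrade("http://www.example.com/index.html", now=60))
```

The cache deliberately refuses to learn anything from a plain-HTTP response, because an attacker sitting on the unencrypted leg could otherwise set or clear the policy; this is also why the first visit, before any policy is cached, remains the one the preload list exists to cover.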

HTTP/2

After enabling HSTS, Two Gouzi was even more excited and decided to skip sleep and keep studying.


Two Gouzi had been in the IT industry long enough to hear about HTTP/2 all the time, but he did not really understand what made HTTP/2 so "mighty", so he set out on a research trip.

HTTP/2 is the first update to the HTTP protocol since HTTP 1.1 was released in 1999, and it is largely based on the SPDY protocol. It was developed by the Hypertext Transfer Protocol Bis (httpbis) working group of the Internet Engineering Task Force (IETF). The working group submitted the HTTP/2 standard proposal to the IESG for discussion in December 2014, and it was approved on February 17, 2015. The HTTP/2 standard was published as RFC 7540 in May 2015.

Compared with HTTP 1.1, HTTP/2 brings the following changes:

  1. Binary framing: data is transmitted in binary format rather than the text format of HTTP 1.x, and a binary protocol is more efficient to parse.
  2. Multiplexing, replacing the original sequential and blocking mechanism: all requests are sent concurrently over a single TCP connection.
  3. Server push: when sending an HTML page, the server can proactively push other resources instead of waiting for the browser to parse the page and then request them. For example, the server can push JS and CSS files to the client without the client having to parse the HTML and send those requests. The server may push proactively, but the client has the right to accept or decline: if a pushed resource is already in the browser cache, the browser can reject it by sending an RST_STREAM frame. Push also obeys the same-origin policy, so the server will not push arbitrary third-party resources to the client.
  4. Header compression: HTTP/2 compresses message headers with HPACK (a compression format designed specifically for HTTP/2 headers), which saves the bandwidth that headers would otherwise occupy.
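The first three points above are easier to see on the wire. The following is an added example, not code from the original post or from any HTTP/2 library: it encodes and decodes the 9-byte HTTP/2 frame header (binary framing), reassembles DATA frames that belong to different streams interleaved on one connection (multiplexing), and plays the client side of server push by answering a PUSH_PROMISE for an already cached path with RST_STREAM(CANCEL) on the promised stream. One simplification is labelled in the code: the PUSH_PROMISE header block carries the raw path instead of an HPACK-encoded block, since HPACK is outside the scope of this example. The frames, paths and stream ids are constructed sample data.

```python
FRAME_HEADER_LEN = 9   # RFC 7540 section 4.1: 24-bit length, 8-bit type, 8-bit flags, reserved bit + 31-bit stream id
DATA, HEADERS, RST_STREAM, PUSH_PROMISE = 0x0, 0x1, 0x3, 0x5
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
CANCEL = 0x8           # RST_STREAM error code a client uses to decline a push it does not want


def encode_frame(ftype, flags, stream_id, payload):
    """Serialize one HTTP/2 frame (header + payload) into bytes."""
    if len(payload) >= 1 << 24 or stream_id >= 1 << 31:
        raise ValueError("payload length or stream id out of range")
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + stream_id.to_bytes(4, "big")
    return header + payload


def decode_frames(buf):
    """Split a byte buffer into complete frames. Returns (frames, leftover bytes of a partial frame)."""
    frames, pos = [], 0
    while len(buf) - pos >= FRAME_HEADER_LEN:
        length = int.from_bytes(buf[pos:pos + 3], "big")
        if len(buf) - pos - FRAME_HEADER_LEN < length:
            break  # the rest of this frame has not arrived yet
        frames.append({
            "type": buf[pos + 3],
            "flags": buf[pos + 4],
            "stream_id": int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF,  # drop the reserved bit
            "payload": buf[pos + 9:pos + 9 + length],
        })
        pos += FRAME_HEADER_LEN + length
    return frames, buf[pos:]


def demultiplex(frames):
    """Reassemble interleaved DATA frames per stream: one TCP connection, many concurrent streams."""
    bodies = {}
    for f in frames:
        if f["type"] == DATA:
            bodies[f["stream_id"]] = bodies.get(f["stream_id"], b"") + f["payload"]
    return bodies


def push_promise(stream_id, promised_id, path):
    """Build a PUSH_PROMISE frame. Simplification: the header block is the raw path, not an HPACK block."""
    return encode_frame(PUSH_PROMISE, FLAG_END_HEADERS, stream_id, promised_id.to_bytes(4, "big") + path.encode())


def decline_cached_pushes(frames, cached_paths):
    """Client-side decision: answer every PUSH_PROMISE for an already cached path with
    RST_STREAM(CANCEL) on the promised stream, and return those RST_STREAM frames."""
    resets = []
    for f in frames:
        if f["type"] != PUSH_PROMISE:
            continue
        promised_id = int.from_bytes(f["payload"][:4], "big") & 0x7FFFFFFF
        path = f["payload"][4:].decode()
        if path in cached_paths:
            resets.append(encode_frame(RST_STREAM, 0, promised_id, CANCEL.to_bytes(4, "big")))
    return resets


if __name__ == "__main__":
    # Constructed sample traffic: two responses interleaved on one connection, plus two pushes.
    wire = b"".join([
        encode_frame(DATA, 0, 1, b"<html>"),
        push_promise(1, 2, "/app.js"),
        encode_frame(DATA, 0, 3, b"body{"),
        push_promise(1, 4, "/style.css"),
        encode_frame(DATA, FLAG_END_STREAM, 1, b"</html>"),
        encode_frame(DATA, FLAG_END_STREAM, 3, b"}"),
    ])
    frames, leftover = decode_frames(wire)
    print(demultiplex(frames))   # stream 1 and stream 3 bodies reassembled independently
    for rst in decline_cached_pushes(frames, {"/style.css"}):
        print(decode_frames(rst)[0])
```

Because every frame carries its own length, the parser never has to scan for delimiters the way an HTTP/1.x parser does, and a frame that is only partially received is simply left in the buffer until the rest arrives.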

How fast is HTTP/2 really? There is an HTTP 1.1 vs HTTP/2 demo; after watching it, Two Gouzi was too excited to sleep.


If the optimization continues like this, Two Gouzi's site will soon take off.

TLS 1.3

Two Gouzi suddenly remembered that SSL had already advanced to TLS 1.3, the newest, fastest and most secure version of the TLS protocol, which adds several new features compared with earlier versions. By simplifying the SSL handshake it speeds up connection setup and reduces latency, and by removing encryption algorithms with known security risks it improves the performance, efficiency and security of user access.

To better understand how TLS 1.3 works, Two Gouzi began a new learning journey.

(figure: TLS 1.2 handshake)

As the figure shows, TLS 1.2 needs two round trips (2-RTT) to complete the handshake before the request can be sent.

(figure: TLS 1.3 handshake)

The TLS 1.3 handshake no longer supports static RSA key exchange, which means that a full handshake must use Diffie-Hellman to be secure. As the figure shows, the TLS 1.3 protocol needs only one round trip (1-RTT) to complete the handshake.

Compared with TLS 1.2, the TLS 1.3 handshake time is cut in half. For a mobile device accessing the site, using TLS 1.3 may save nearly 100 ms.
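Two things from this section are worth pinning down in code: what the round-trip difference means for the time to the first request, and how to make a server that still has to accept TLS 1.2 clients behave like TLS 1.3 on key exchange, that is, never fall back to static RSA. The following is an added example written with Python's standard ssl module, not code from the original post or from UPYUN; the server context has no certificate loaded and is only a policy object, and the round-trip figures are the 2-RTT and 1-RTT counts from the figures above with one extra round trip for the TCP handshake.

```python
import ssl


def make_server_context():
    """Server policy: TLS 1.2 as the floor, TLS 1.3 wherever the underlying OpenSSL supports it,
    and for TLS 1.2 only ECDHE suites, so every session has forward secrecy just as TLS 1.3 mandates.
    A real deployment would also call load_cert_chain(); this context is only the policy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    # OpenSSL cipher string for the TLS 1.2 suites; TLS 1.3 suites are managed separately by
    # OpenSSL and all of them use (EC)DHE key exchange.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    ctx.options |= ssl.OP_NO_COMPRESSION   # TLS-level compression is a known information leak
    return ctx


def minimum_version_name(ctx):
    return ctx.minimum_version.name


def forward_secrecy_only(ctx):
    """True when every enabled suite is a TLS 1.3 suite or a TLS 1.2 ECDHE suite (no static RSA)."""
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3" or suite["name"].startswith("ECDHE-"):
            continue
        return False
    return True


def handshake_round_trips(tls_version):
    """Round trips of a full handshake before the client can send its first HTTP request."""
    return {"TLSv1.2": 2, "TLSv1.3": 1}[tls_version]


def time_to_first_request_ms(rtt_ms, tls_version):
    """TCP handshake (1 RTT) plus the TLS handshake; the request itself leaves in the next flight."""
    return rtt_ms * (1 + handshake_round_trips(tls_version))


if __name__ == "__main__":
    ctx = make_server_context()
    print(minimum_version_name(ctx), "TLS 1.3 available:", ssl.HAS_TLSv1_3)
    print("forward secrecy only:", forward_secrecy_only(ctx))
    for version in ("TLSv1.2", "TLSv1.3"):
        # 100 ms is a constructed mobile round-trip time, not a measurement
        print(version, time_to_first_request_ms(100, version), "ms")
```

With a 100 ms mobile round trip the two versions come out at 300 ms and 200 ms, which is the roughly 100 ms saving the text describes; the exact saving scales with the user's RTT, so it is largest precisely on the high-latency mobile links where it matters most.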

"It's not that HTTPS slows a site down, it's that the site isn't optimized enough," Two Gouzi sighed. After a night's work he finally enabled HSTS, HTTP/2 and TLS 1.3 on his blog, and felt he had become the coolest guy in the blogging community. What Two Gouzi did not know is that UPYUN provides a one-stop SSL certificate service with one-click enabling of HSTS, HTTP/2.0, TLS 1.3 and other features, so getting fast HTTPS takes only minutes.

Recommended reading:

When Mr. "HTTP" met Ms. "S"

TLS 1.3 vs TLS 1.2: understanding what makes TLS 1.3 so powerful


Source: www.cnblogs.com/upyun/p/11422737.html