Http and Https related issues

Http和Https

Http (default port 80)

Hypertext Transfer Protocol (Http, HyperText Transfer Protocol) is the most widely used network protocol (Internet Application Layer ). Http originally designed purpose is to provide a method to publish and receive HTML pages. It can make more efficient browser. Http protocol information is sent in the clear, if a hacker to intercept the transmission of messages between Web browsers and servers, which you can obtain information directly.

Http request packet structure

• Request line: request method, URL, protocol version, carriage
• Request header: Http request to set various parameters
• Blank line: You must empty line indicating the end of the request header
• Request body: carry data upload, mainly POST request

Http response packet structure

• Status line: the protocol version, status code, status code Description
• Response header: Description clients use some additional information, such as date, content-type
• Blank line
• Response Body: data returned

Step request / response

• The client connects to the Web server
• Http request transmission
• Http server accepts the request and returns a response
• TCP connection release
• The client browser parses the HTML content

URL of the page to process

• DNS (Domain Name System, the domain name system) to resolve
• Establish a TCP connection
• Http request transmission
• Http server processes the request and returns the packets
• Browser parses rendering pages
• Connection is ended

Refer to detailed process https://www.cnblogs.com/xianyulaodi/p/6547807.html

The difference between GET and POST

• Http message level: GET request information in the URL, POST on the packet body
• Database level: GET request compliance idempotent (the result of multiple operations and one operation agreement) and safety (not modify the database), POST does not comply
• Other: GET can be cached, stored, POST will not do

Https (default port 443)

Safety is the goal of the HTTP channel is secure version of HTTP, provides secure transmission by adding support for SSL layer under HTTP. Https major role include: establish information security channel to ensure safe transport and confirm the authenticity of the site's data.

What is SSL?

SSL (Security Sockets Layer, Secure Sockets Layer), provides network communications security and data integrity of a secure protocol, the SSL is located between each application and the TCP layer, is provided outside the operating system API, is later versions SSL3.0 called the TSL. Primarily through the authentication and data encryption to ensure data integrity and security of network communications.

Data transmission flow Https

• The browser will support the encryption algorithm information to the server
• Select a server browser supports encryption algorithm, in the form of certificates of postback browser
• Browser to verify the legitimacy of a certificate, a certificate and public key encryption in conjunction with the information sent to the server
• The server uses the private key to decrypt the information, verification hash, encrypt response messages sent back to the browser
• Browser decryption response message, and the message is the test, followed by interactive data encryption

Http and Https of difference

HTTP	HTTPS
HTTP	HTTP
TCP	SSL or TSL
IP	TCP
。。。	IP

• Https need to apply for CA certificate, Http do not need
• Https ciphertext transmission, Http cleartext
• Different connectors, different port numbers used
• Https safer