Interview: HTTP and HTTPS protocols

Author: Wu Fei with the
Link: https://zhuanlan.zhihu.com/p/72616216
Source: Zhihu
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, indicate the source.

1. What is a protocol?

A network protocol is an "agreement" or set of "rules" established so that computers can communicate over a network. With this agreement, equipment from different vendors and computers running different operating systems can communicate with each other.

2. What is the HTTP protocol?

HTTP is the acronym for Hyper Text Transfer Protocol. It is the protocol used to transfer hypertext (HTML) from a web server to the local browser.

HTTP was originally designed to provide a way to publish and receive HTML pages.

HTTP has several versions; the one currently in wide use is HTTP/1.1.

3. HTTP principle

HTTP is a protocol that transfers data on top of the TCP/IP communication protocols; the data transferred includes HTML files, image files, query results and so on.

HTTP is generally used in the B/S (browser/server) architecture. The browser, acting as the HTTP client, sends all requests to the web server via a URL over HTTP.

We visit Baidu, for example:

 

(Figure: the process of accessing Baidu)

4. HTTP features

  1. HTTP supports the client/server model and is also a request/response protocol.
  2. Simple and fast: when a client makes a request to the server, it only needs to send the request method and path. Commonly used request methods are GET, HEAD and POST.
  3. Flexible: HTTP allows any type of data object to be transmitted. The type being transmitted is marked by Content-Type.
  4. Connectionless: each connection is limited to processing one request. Once the server has processed the client's request and received the client's acknowledgement, it disconnects. This makes it hard for the client and server to maintain a session, so two techniques for recording HTTP state arose to make up for it: one called Cookie, the other called Session.
  5. Stateless: a stateless protocol has no memory of earlier transactions; if subsequent processing needs earlier information, that information must be retransmitted.

5. Difference between URI and URL

HTTP uses Uniform Resource Identifiers (URIs) to transmit data and establish connections.

  • URI: Uniform Resource Identifier
  • URL: Uniform Resource Locator

A URI identifies a specific resource; from the URI we can know what the resource is.

A URL locates a specific resource, indicating where that resource is. Each file on the Internet has a unique URL.

6. HTTP message composition

Request message structure

  1. Request line: contains the request method, URL, and protocol/version
  2. Request header
  3. Request body

(Figure: request message composition)

Response message structure

  1. Status line
  2. Response header
  3. Response body

(Figure: response message composition)

7. Common request methods

  • GET: requests the specified page and returns the entity body.
  • POST: submits data to the specified resource for processing (e.g., submitting a form or uploading a file). The data is contained in the request body. A POST request may result in the creation of new resources and/or the modification of existing resources.
  • HEAD: similar to a GET request, except that the response contains no body; used to obtain the headers.
  • PUT: replaces the content of the specified document with data sent from the client to the server.
  • DELETE: requests the server to delete the specified page.

(Figure: GET request)

(Figure: POST request)

Differences between POST and GET:

  • Both contain a request line and request headers; POST additionally has a request body.
  • GET is mostly used for queries, with the request parameters placed in the URL; it does not affect the content on the server. POST is used for submissions, for example placing the account and password in the body.
  • GET parameters are appended directly to the URL and can be seen directly in the URL, whereas POST data is placed inside the message body, where the user cannot see it directly.
  • The length of data submitted with GET is limited because of URL length restrictions; the specific limit depends on the browser. POST has no such limit.

8. Response status codes

When a web page is accessed, the browser sends a request to the web server. The server hosting the page returns a header containing an HTTP status code in response to the browser's request.

Status code categories:

  • 1XX - Informational: the server has received the request and the requester should continue.
  • 2XX - Success: the request was successfully received, understood and processed.
  • 3XX - Redirection: further action is required to complete the request.
  • 4XX - Client error: the request contains a syntax error or cannot be completed.
  • 5XX - Server error: the server encountered an error while processing the request.

Common status codes:

  • 200 OK - the client request succeeded
  • 301 - the resource (web page, etc.) has been permanently moved to another URL
  • 302 - temporary redirect
  • 400 Bad Request - the client request has a syntax error and cannot be understood by the server
  • 401 Unauthorized - the request is unauthorized; this status code must be used together with the WWW-Authenticate header field
  • 404 - the requested resource does not exist; the URL was probably entered incorrectly
  • 500 - an unexpected internal server error occurred
  • 503 Server Unavailable - the server is currently unable to process the client's request and may return to normal after a period of time

9. Why use https?

In practice, the vast majority of websites now use the HTTPS protocol, which is the trend of the Internet's future development. Below is the login request of a blog site captured with Wireshark.

(Figure: packet capture of the blog login)

The capture shows that the account and password are transmitted in plaintext, so a request sent by the client can easily be intercepted and exploited by malicious parties. HTTP is therefore not suitable for transmitting sensitive information such as accounts and passwords; transmitting private information over HTTP is very unsafe.

HTTP generally has the following problems:

  • Request information is transmitted in plaintext and is vulnerable to eavesdropping and interception.
  • Data integrity is not verified, so data is easily tampered with.
  • The other party's identity is not verified, so there is a risk of impersonation.

10. What is HTTPS?

HTTPS is used to solve the above problems with HTTP.

HTTPS (HyperText Transfer Protocol over Secure Socket Layer): generally understood as HTTP + SSL/TLS. It authenticates the server by means of an SSL certificate and encrypts the communication between the browser and the server.

So what is SSL?

SSL (Secure Sockets Layer): developed by Netscape in 1994. The SSL protocol sits between TCP/IP and the various application-layer protocols and provides security support for data communication.

TLS (Transport Layer Security): its predecessor is SSL. The first few versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape; in 1999, starting from version 3.1, the protocol was standardized by the IETF and renamed. It has since developed through three versions: TLS 1.0, TLS 1.1 and TLS 1.2. SSL 3.0 and TLS 1.0 are rarely used because of security vulnerabilities. TLS 1.3 will bring relatively large changes and is still in the draft stage; the most widely used versions at present are TLS 1.1 and TLS 1.2.
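Added example, not from the original article: a client-side check, using Python's standard `ssl` module, of the two properties described above (the server is authenticated through its certificate, and old protocol versions are refused). The function names and the TLS 1.2 floor are this example's own choices.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Verify the certificate chain and host name; refuse anything
    older than TLS 1.2 (floor chosen for this example)."""
    ctx = ssl.create_default_context()        # loads the system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """The same client with the checks switched off, for comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def audit(ctx: ssl.SSLContext) -> list:
    """Return the HTTPS guarantees this context gives up."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not verified: server identity unproven")
    if not ctx.check_hostname:
        findings.append("host name not checked: certificate may belong to another site")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings

if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        print(name, audit(ctx) or "no findings")
```

A context that skips certificate verification still encrypts the traffic, but it no longer addresses the impersonation problem listed in section 9.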

History of SSL (encrypted Internet communications)

  1. In 1994, Netscape designed version 1.0 of the SSL (Secure Sockets Layer) protocol, but did not publish it.
  2. In 1995, Netscape released SSL 2.0, which was soon found to have serious flaws.
  3. In 1996, SSL 3.0 was released and came into large-scale use.
  4. In 1999, TLS 1.0, an upgraded version of SSL, was released; it is the most widely used version.
  5. In 2006 and 2008, TLS 1.1 and TLS 1.2 were released respectively.

11. What is the process when a browser transfers data over HTTPS?

(Figure: HTTPS data transfer process)

  1. First, the client accesses the server through the URL to establish an SSL connection.
  2. After receiving the client's request, the server sends a copy of the website's certificate information (the certificate contains the public key) to the client.
  3. The client and the server begin to negotiate the security level of the SSL connection, that is, the level of encryption.
  4. The client's browser establishes a session key according to the agreed security level, then encrypts the session key with the website's public key and sends it to the website.
  5. The server uses its private key to decrypt the session key.
  6. The server uses the session key to encrypt the communication with the client.
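Added example, not from the original article: steps 2 to 6 above carried out with a constructed toy RSA key and a toy XOR keystream cipher, so that both sides' messages and what travels on the wire can be inspected. The key is far too small and unpadded for real use, certificate validation (step 2) and level negotiation (step 3) are omitted, and all names are this example's own.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two known Mersenne primes.
# Illustration of the message flow only: not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                                  # public modulus (in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))          # server's private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def client_key_exchange(server_n: int, server_e: int):
    """Step 4: pick a session key and encrypt it to the server's public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), server_e, server_n)
    return session_key, wrapped

def server_unwrap(wrapped: int) -> bytes:
    """Step 5: recover the session key with the private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def run_exchange(request: bytes) -> dict:
    session_key, wrapped = client_key_exchange(N, E)   # client side
    server_key = server_unwrap(wrapped)                # server side
    ciphertext = keystream_xor(session_key, request)   # what crosses the network
    return {"wire": (wrapped, ciphertext),
            "keys_match": session_key == server_key,
            "server_saw": keystream_xor(server_key, ciphertext)}  # step 6

if __name__ == "__main__":
    result = run_exchange(b"username=alice&password=s3cret")   # constructed input
    print(result["wire"], result["server_saw"])
```

Key transport of this kind gives no forward secrecy: anyone who later obtains the server's private key can decrypt recorded sessions, which is why TLS 1.3 dropped it in favour of ephemeral Diffie-Hellman.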

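12. Disadvantages of HTTPS

  • The HTTPS protocol involves multiple handshakes, which extends page load time by nearly 50%;
  • HTTPS connection caching is not as efficient as HTTP, which increases data overhead and power consumption;
  • Applying for an SSL certificate costs money; the more powerful the certificate, the higher the fee.
  • The security algorithms involved in SSL consume CPU resources and place a relatively heavy load on the server.

13. Summary of the differences between HTTPS and HTTP

  • HTTPS is the secure version of the HTTP protocol. Data transmitted over HTTP is in plaintext and is insecure; HTTPS uses the SSL/TLS protocol to encrypt it.
  • HTTP and HTTPS use different connection methods and different default ports: 80 for HTTP and 443 for HTTPS.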

Origin www.cnblogs.com/fan-1994716/p/11873203.html