HTTP protocol
- HTTP (HYper Text Transfer Protocol) Hypertext Transfer Protocol, the protocol used to transfer from (www) server transfer of resources to the local Web browser
- HTTP protocol is based on TCP protocol, the default port 80. It is mainly used to specify the client and server data transfer format
- HTTP is based on a request and response model, stateless, no application layer protocol
HTTP Features:
1. simple and fast: a customer service request to the server, instead of sending the request method and path. -- high speed
2. Flexible: HTTP allows the transmission of any type of data object to be labeled with Content-Type.
3. No connection : only one restriction process each connection request. After the server processes client requests and receives the customer's response, i.e., disconnected . - Re-initiate the connection in this way can save transmission time?.
----- Based on the current web page more and more complex, you need a link inside handle multiple requests, do not want to deal with a request to disconnect the link; ----- then define the keep-alive inside Agreement mechanism, you can make a link to stay connected, become long connection
4. Stateless : protocol for client does not state storage, there is no "memory" ability to handle things, such as visiting a website require repeated login. 1 --- disconnection request "does not save any information; request 2 (with request information): need to be retransmitted
Taobao: Sign ---- "to purchase goods? We need cookies, session this mechanism to stay logged in
The communication plaintext, requests and responses do not confirm the communication party does not protect data integrity
client -----> ( a third party, message intercept, tamper message ) ---> server ====== HTTPS emerged In accordance with this
HTTPS protocol
The concept :: HTTPS (Hypertext Transfer Protocol Secure) https, simply, is a safe version of HTTP. It encrypt data and ensure its confidentiality - ciphertext, can protect the user when interacting with sites from stealing personal information and billing data, verify data integrity.
- HTTP + encryption + authentication + integrity = HTTPS
- Based on TCP port 443, and SSL protocol dressed in shell HTTP protocol.
- HTTP and HTTPS protocols at the bottom is the same (IP layer --- transport layer of a low-level protocol called TCP protocol, UDP protocol as well)
- HTTP protocol is directly directly into the HTTP protocol based on the TCP protocol
- HTTPS protocol from the TCP protocol, an SSL protocol layer prior, to a SSL protocol encapsulation packet header (based on SSL encryption), a package again HTTPS protocol; go to send an HTTP message encrypted on the basis of the above
The SSL handshake
==
1. The client requests an SSL connection, support and send their own set of rules to encrypt server. ---------1
2. The site selected from a group encryption algorithm and HASH algorithm, and their identity information in the form of a certificate sent back to the browser. Certificate which contains the website address, public key encryption, and certificate of authority and so on. --------- 2.3.4
A pair of keys: a public key - published - Encryption: private - private, decryption
3. After obtaining the site certificate the browser does the following; trusted? --- CA Licensing Authority; --------- 5.6.7
-
- 0 legality verification certificate - the identity of the server, such as trusted certificates, the browser will generate a bunch of random passwords and public key encryption with the certificate provided.
- 0 password to the site.
- 0 tells the site subsequent packets to be encrypted. Handshake ends.
4. After you do the following operations sites receiving data sent by the browser; --------- 8.9
-
- 0 using his private key to decrypt the message out password - encrypted
- 0 tells the client to encrypt a subsequent message. Handshake ends.
Application Datal (HTTP): communication, application data (HTTP) ------ 10.11
Alert warning, close notify: warning, turn off the notification -------- 12
- HTTP + 加密(秘钥来实现) + 身份认证(证书) + 完整性 ( MD5 哈希算法摘要 = 摘要 ) = HTTPS
HTTP协议 vs HTTPS协议
*******请大家尊重原创,如要转载,请注明出处:转载自:https://www.cnblogs.com/shouhu/ 谢谢!!*******