Computer network: HTTP, HTTPS, TCP, UDP

Source: Internet
Author: User

I. HTTP

The Hypertext Transfer Protocol (HTTP) is used to pass information between a web browser and a web server. HTTP sends its content in plaintext and provides no data encryption of any kind, so if an attacker intercepts a message in transit between browser and server, they can read it directly. HTTP is therefore unsuitable for transmitting sensitive information such as credit card numbers, passwords and other payment details.

II. HTTPS

HTTPS is an HTTP channel designed with security as its goal; put simply, it is the secure version of HTTP. An SSL layer is added beneath HTTP, so the security of HTTPS rests on SSL, and the details of the encryption are SSL's concern.

III. The difference between HTTPS and HTTP

HTTP establishes its connection with the TCP three-way handshake, in which client and server exchange 3 packets. HTTPS needs those 3 TCP packets plus the 9 packets required by the SSL handshake, 12 packets in total.

The main differences between HTTPS and HTTP are as follows:
1. HTTPS requires a certificate issued by a CA; free certificates are rare, so there is usually some cost.
2. HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure transfer protocol that encrypts with SSL.
3. HTTP and HTTPS use completely different connection methods and different ports: 80 for the former, 443 for the latter.
4. An HTTP connection is very simple and stateless; HTTPS is a network protocol built from SSL+HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.

The HTTPS encryption, decryption and verification process (in short: public/private-key encryption is used to share a secret, and the content is then encrypted symmetrically with that secret)

1. The client initiates an HTTPS request
There is little to say here: the user types an HTTPS URL into the browser, which then connects to port 443 on the server.
2. Server-side configuration
A server that speaks HTTPS must have a digital certificate. You can make one yourself or apply to a certification authority. The difference is that with a self-issued certificate the client must get past a verification prompt before it can continue, whereas a certificate applied for from a trusted company will not pop up a warning page (StartSSL is a good choice; it offers one year of free service).
This certificate is really a pair of keys, one public and one private. If public and private keys are unfamiliar, picture a lock and its key: only you in the whole world have the key, but you can hand the lock to anyone. Others can use the lock to lock up something important and send it to you, and because only you hold the key, only you can see what the lock protects.
3. Transferring the certificate
The certificate is in fact the public key, bundled with a lot of information such as the issuing authority and the expiry time.
4. The client parses the certificate
This work is done by the client's TLS implementation. It first checks that the public key is valid (the issuing authority, the expiry time and so on) and, if anything is wrong, pops up a warning box saying there is a problem with the certificate.
If the certificate checks out, the client generates a random value and encrypts it with the certificate. In terms of the analogy above, it locks the random value with the lock, so the locked content cannot be seen without the key.
5. Transmitting the encrypted information
This step transmits the random value encrypted with the certificate. Its purpose is to get the random value to the server; from then on, communication between client and server can be encrypted and decrypted with this random value.
6. The server decrypts the information
The server decrypts the message with its private key and obtains the client's random value, which from here on serves as the key for symmetric encryption (the text below also calls it the private key). The content is then encrypted symmetrically with this value. Symmetric encryption means mixing the information and the key together through an algorithm, so that the content cannot be recovered without knowing the key. Only the client and the server know the key, so as long as the encryption algorithm is strong enough and the key complex enough, the data is safe.
7. Transmitting the encrypted information
The information in this step is what the server sends after encrypting it with the shared key; the client can restore it.
8. The client decrypts the information
The client decrypts the server's message with the key it generated earlier and obtains the content. Throughout the whole process, even if a third party eavesdrops on the data, there is nothing they can do with it.
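The exchange in steps 2 through 8, as an added example in Go that is not part of the original article: the certificate is reduced to the server's public key plus an expiry date, RSA-OAEP stands in for "encrypting with the certificate", and AES-GCM is the symmetric step. All function names (NewServerKey, ClientHandshake, ServerUnwrap, NewSession) are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// NewServerKey is step 2: the server's key pair. In a real deployment the public
// half is embedded in a certificate signed by a CA; here it is handed over bare.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ClientHandshake is steps 4 and 5. The certificate is reduced to the public key
// plus its expiry: an expired one is rejected; otherwise a random 32-byte session
// key is drawn and wrapped with RSA-OAEP so only the private key can unwrap it.
func ClientHandshake(pub *rsa.PublicKey, notAfter, now time.Time) (key, wrapped []byte, err error) {
	if now.After(notAfter) {
		return nil, nil, errors.New("certificate expired")
	}
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// ServerUnwrap is step 6: only the private key recovers the session key, so an
// eavesdropper who captured `wrapped` on the wire learns nothing.
func ServerUnwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// NewSession is the symmetric side of steps 7 and 8: both ends key AES-GCM with the
// shared session key. Each message must use a unique NonceSize()-byte nonce sent
// alongside the ciphertext, and Open fails if the ciphertext was tampered with.
func NewSession(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

Both ends call NewSession with the same key; the sender uses the AEAD's Seal with a fresh nonce and the receiver uses Open with that nonce, which is where a tampered message is rejected.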

IV. The TCP three-way handshake

Establishing a TCP connection takes a three-way handshake, while tearing it down takes four. The whole process is as follows:

Establishing the connection: first the client sends a connection request message; the server accepts the connection, replies with an ACK message and allocates resources for the connection. When the client receives that ACK it sends an ACK to the server in turn and allocates its own resources, and with that the TCP connection is established.

Disconnecting: either the client side or the server side can initiate the disconnect. Suppose the client initiates, which means sending a FIN message. When the server receives the FIN, it means "my client has no more data to send to you", but if the server still has unsent data it does not need to close the socket yet and can keep sending. So it first sends an ACK, telling the client "I received your request, but I am not ready yet, please keep waiting for my message." The client now enters the FIN_WAIT state and keeps waiting for the server's FIN. Once the server determines that all its data has been sent, it sends a FIN to the client: "OK, my data is finished, ready to close the connection." The client receives the FIN: "I know the connection can be closed now, but I still do not trust the network, and I am afraid the server will not know to shut down, so I send an ACK and enter the TIME_WAIT state; if the server does not receive the ACK it can retransmit." When the server receives the ACK: "now you know you can disconnect." If the client waits for 2MSL and still receives nothing, the server has shut down properly, and the client can close its end of the connection too. And that is how a TCP connection is closed!
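The two handshakes above as a small table-driven state machine, an added example in Go that is not part of the original article. Segments carry only their flags, local actions ("open", "close", the 2MSL timeout) are events too, and Exchange counts the packets crossing the wire: 3 to connect, 2 + 2 to close. The type and function names are assumptions made for this example.

```go
package main

// A transition is keyed by the endpoint's current state and the event it sees:
// either an incoming segment's flags ("SYN", "SYN+ACK", "ACK", "FIN") or a local
// action ("open", "close", "2MSL timeout"). Reply is the segment sent back, if any.
type key struct{ State, Event string }

var transitions = map[key]struct{ Next, Reply string }{
	// three-way handshake
	{"CLOSED", "open"}:      {"SYN_SENT", "SYN"},     // packet 1: connection request
	{"LISTEN", "SYN"}:       {"SYN_RCVD", "SYN+ACK"}, // packet 2: server allocates the connection
	{"SYN_SENT", "SYN+ACK"}: {"ESTABLISHED", "ACK"},  // packet 3: client allocates too
	{"SYN_RCVD", "ACK"}:     {"ESTABLISHED", ""},
	// four-way close, initiated by whichever side is in ESTABLISHED
	{"ESTABLISHED", "close"}:     {"FIN_WAIT_1", "FIN"}, // "I have no more data for you"
	{"ESTABLISHED", "FIN"}:       {"CLOSE_WAIT", "ACK"}, // "got it, but I may still send"
	{"FIN_WAIT_1", "ACK"}:        {"FIN_WAIT_2", ""},    // keep waiting for the peer's FIN
	{"CLOSE_WAIT", "close"}:      {"LAST_ACK", "FIN"},   // peer's data done, send its FIN
	{"FIN_WAIT_2", "FIN"}:        {"TIME_WAIT", "ACK"},  // hold 2MSL in case this ACK is lost
	{"LAST_ACK", "ACK"}:          {"CLOSED", ""},
	{"TIME_WAIT", "2MSL timeout"}: {"CLOSED", ""},
}

// Endpoint is one side of the connection.
type Endpoint struct{ State string }

// Step applies one event and returns the reply segment ("" for none). Events the
// state machine does not define for the current state are ignored, which is also
// how a real stack treats a stray segment.
func (e *Endpoint) Step(event string) string {
	t, ok := transitions[key{e.State, event}]
	if !ok {
		return ""
	}
	e.State = t.Next
	return t.Reply
}

// Exchange starts with a local action on `from` and bounces each resulting segment
// to the other side until one stays silent; it returns the packets sent on the wire.
func Exchange(from, to *Endpoint, action string) int {
	n := 0
	for seg := from.Step(action); seg != ""; from, to = to, from {
		n++
		seg = to.Step(seg)
	}
	return n
}
```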

V. The difference between TCP and UDP

TCP is reliable; UDP is unreliable and delivers on a best-effort basis.

1. TCP is connection-oriented (like making a phone call: you first establish the connection); UDP is connectionless, so no connection needs to be set up before sending data.
2. TCP provides a reliable service: data sent over a TCP connection is error-free, not lost, not duplicated, and arrives in order; UDP delivers on a best-effort basis and does not guarantee reliable delivery.
3. TCP is byte-stream oriented, treating the data as an unstructured stream of bytes; UDP is packet-oriented. UDP has no congestion control, so network congestion does not reduce the sending rate of the source host (useful for real-time applications such as IP telephony and real-time video conferencing).
4. Each TCP connection is strictly point-to-point; UDP supports one-to-many, many-to-one and many-to-many communication.
5. The TCP header overhead is 20 bytes; the UDP header is small, only 8 bytes.
6. TCP's logical communication channel is a full-duplex reliable channel; UDP's is an unreliable channel.
