HTTP: what are the differences with HTTPS?

HTTPS (Secure Hypertext Transfer Protocol) -- Secure Hypertext Transfer Protocol

It is developed by Netscape and built in its browser. It is used to compress and decompress data and return the results of network upload and return. HTTPS actually uses Netscape's full Socket Layer (SSL) as the child layer of the HTTP application layer. (HTTPS uses port 443 instead of using port 80 as HTTP to communicate with TCP/IP .) SSL uses 40-bit keywords as the RC4 stream encryption algorithm, which is suitable for business information encryption. HTTPS and SSL support X.509 digital authentication. If necessary, you can confirm who the sender is.

Core of WWW-http protocol

As we all know, the basic protocol of Internet is TCP/IP. FTP and Archie gopher are widely used as application layer protocols based on TCP/IP, different protocols correspond to different applications. <Br> the main protocol used by the WWW server is the HTTP protocol, that is, the ultra-style transmission protocol. Because HTTP supports services not limited to www, but also other services, HTTP allows users to access different services using different protocols on a unified interface, such as FTP, Archie, SMTP, and nntp. In addition, HTTP can also be used for name server and distributed object management.

2.1 Introduction to HTTP
HTTP is an object-oriented protocol at the application layer. It is applicable to distributed hypermedia information systems due to its simple and fast method. It proposed in 1990 that, after several years of use and development, it has been continuously improved and expanded. Currently, the sixth version of HTTP/1.0 is used in WWW, standardization of HTTP/1.1 is in progress, and suggestions for HTTP-NG (Next Generation of HTTP) have been put forward.
The main features of HTTP are as follows:
1. Supports the customer/Server mode.
2. simple and fast: when a customer requests a service from the server, they only need to send the request method and path. Common Request methods include get, Head, and post. Each method specifies the type of contact between the customer and the server.
Because the HTTP protocol is simple, the program size of the HTTP server is small, so the communication speed is fast.
3. Flexibility: HTTP allows transmission of any type of data objects. The type being transferred is marked by Content-Type.
4. No connection: No connection means that only one request is allowed for each connection. After the server processes the customer's request and receives the customer's response, the connection is disconnected. This method can save transmission time.
5. Stateless: HTTP is stateless. Stateless means that the Protocol has no memory for transaction processing. The lack of status means that if subsequent processing requires the previous information, it must be re-transmitted, which may increase the amount of data transmitted each connection. On the other hand, when the server does not need previous information, its response is faster.

2.2 important concepts of HTTP
1. connection: the actual circulation of a transport layer, which is established between two applications that communicate with each other.
2. Message: The basic unit of HTTP Communication, including a structured sequence of eight-element groups and transmitted through connections.
3. Request: The request information from the client to the server includes the method, resource identifier, and Protocol version number applied to the resource.
4. Response: The information returned by an slave server includes the HTTP version number, the Request status (for example, "successful" or "not found"), and the MIME type of the document.
5. Resource: network data object or service identified by Uri.
6. entity: A special representation of a data resource or service resource, which may be enclosed in a request or response. An object includes object header information and object content.
7. Client: an application that establishes a connection to send a request.
8. User Agent: the client that initializes a request. They are browsers, editors, or other user tools.
9. SERVER: an application that accepts connections and returns information for requests.
10. origin server: A server on which a given resource can reside or be created.
11. Proxy: An intermediate program that can act as a server or a client and create a request for other clients. Requests are transmitted to other servers through possible translation. A proxy must explain before sending the request information and rewrite it if possible.
A proxy is often used as a portal through a firewall client. A proxy can also be used as a help application to process requests that are not completed by a user proxy through a protocol.
12. Gateway: A server serving as the intermediate media of other servers. Different from the proxy, the gateway accepts the request as if it is the source server for the requested resource; the client sending the request does not realize that it is dealing with the gateway.
The gateway is often used as a portal for servers that use firewalls. The Gateway can also be used as a protocol translator to access resources stored in non-HTTP systems.
13. Tunnel: it is an intermediary program used as two connection relay. Once activated, the channel is considered not to belong to HTTP Communication, although the channel may be initialized by an HTTP request. When the two ends of the relay connection are closed, the channel disappears. The channel is frequently used when a portal must exist or intermediary cannot interpret the relay communication.
14. cache: Local Storage of response information.

2.3 How HTTP works
HTTP is based on the request/response paradigm. After a client establishes a connection with the server, it sends a request to the server in the format of Uniform Resource Identifier and Protocol version number, the mime information is followed by the request modifier, client information, and possible content. After receiving the request, the server sends a response in the format of a Protocol version number containing the information, a successful or wrong code in the status line, mime information is followed by server information, entity information, and possible content.
Many HTTP communications are initiated by a user proxy and include a request to request resources on the source server. The simplest case may be that a separate connection is established between the user proxy (UA) and the source server (O) (see Figure 2-1 ).
Figure 2-1
When one or more intermediaries appear in the request/response chain, the situation becomes more complex. There are three types of mediation: proxy, gateway, and tunnel ). A proxy accepts the request according to the absolute format of the URI, overrides all or part of the message, and sends the formatted request to the server through the URI identifier. The gateway is a receiving proxy and serves as the upper layer of some other servers. If necessary, you can translate the request to the lower layer server protocol. A channel serves as a relay point between two connections that do not change messages. A channel is often used when communication requires an intermediary (such as a firewall) or an intermediary that cannot identify messages. Figure 2-2
Figure 2-2 above shows three intermediaries (A, B, and C) between the user proxy (UA) and the source server (o ). A request or response message through the entire chain must pass through four connection segments. This difference is important, because some HTTP Communication options may be applied to the nearest connection, without channel neighbors, to the end of the chain or to all connections along the chain. Although Figure 2-2 is linear, each participant may engage in multiple concurrent communications. For example, B may receive requests from many clients instead of a, and/or send requests to a without C. At the same time, B may process requests from.
Any aggregation that is not used as a channel may enable an internal cache for processing requests. The cache effect is that the request/response chain is shortened, and the condition is that one of the participants along the chain has a cache response acting on that request. It indicates the result chain. The condition is that a request is not cached by UA or aplus, and B has a cache copy that passes through a previous response of C from O.
Figure 2-3
On the Internet, HTTP Communication usually occurs over TCP/IP connections. The default port is TCP 80, but other ports are also available. However, this does not indicate that the HTTP protocol can be completed over the Internet or other network protocols. HTTP only indicates a reliable transmission.
The above briefly introduces the macro operation mode of the HTTP protocol. The following describes the internal operation process of the HTTP protocol.
First, we will briefly introduce the information exchange process of the Client/Server mode based on the HTTP protocol, as shown in 2-4. It consists of four processes: establishing a connection, sending request information, sending response information, and closing a connection.
Figure 2-4
In WWW, "customer" is a relative concept with "server". It only exists in a specific connection period, that is, the customer in a connection may act as a server in another connection. When the WWW server is running, it keeps listening on the tcp80 port (the default WWW port), waiting for the connection to appear.
Next, we will discuss the implementation of information exchange in the Client/Server mode under the HTTP protocol. 1. Establish a connection by applying for a socket. The customer opens a socket and limits it to a port. If it succeeds, it is equivalent to creating a virtual file. Later, you can write data on the Virtual File and transmit it over the network.
2. Send a request
After a connection is opened, the client sends the request message to the server's Stop port to complete the request.
The format of the HTTP/1.0 request message is:
Request Message = request line (Common Information | Request Header | entity header) CRLF [entity content]
Request Line = method request url http Version Number CRLF
Method = GET | HEAD | post | Extension Method
U r l = protocol name + host name + directory and file name
The method description in the request line specifies the actions to be executed in the resource. Common methods include get, Head, and post. The get results of different request objects are different, and their relations are as follows:
Object get result
File Content
Program Execution result of the program
Database query results
Head -- requires the server to find the metadata of an object, not the object itself.
Post: transmits data from a client to the server. The post method is used when the server and CGI are required for further processing. Post is mainly used to send Form Content in HTML text for CGI programs to process.
An example of a request is:
Get http://networking.zju.edu.cn/zju/index.htm HTTP/1.0
Header information is also known as metadata, that is, information. meta information can be used to implement conditional requests or responses.
Request Header-tells the server how to interpret the request, including the data type, compression method, and language that the user can accept.
Object Header: Object Information type, length, compression method, last modification time, data validity period, etc.
Entity-request or response object itself.
3. Send Response
The server sends a Response Message to the client after processing the customer's request.
The Response Message format for HTTP/1.0 is as follows:
Response Message = Status line (Common Information header | response header | entity header) CRLF [entity content 〕
Status line = HTTP Version Number status code reason description
Status Code indicates the response type
1 × Reserved
2×× indicates that the request is successfully received.
3×× further refine the request to complete the request
4×× customer Error
5×× Server Error
The response header information includes the service program name, the URL that notifies the customer of the request to be authenticated, and the requested resource when it can be used.
4. Close the connection
Both the client and server can end the TCP/IP conversation by closing the socket.