I. HTTP
The Hypertext Transfer Protocol (HTTP) is used to pass information between a Web browser and a Web server. HTTP sends content in plaintext and provides no data encryption of any kind: if an attacker intercepts a message in transit between the browser and the server, they can read it directly. HTTP is therefore unsuitable for transmitting sensitive information such as credit card numbers, passwords and other payment data.
II. HTTPS
HTTPS is HTTP carried over a security-oriented channel; put simply, it is the secure version of HTTP. An SSL layer is added beneath HTTP, so the security of HTTPS rests on SSL, and the details of the encryption are those of SSL.
III. The difference between HTTPS and HTTP
HTTP establishes its connection with the TCP three-way handshake, in which the client and the server exchange 3 packets. HTTPS needs those 3 TCP packets plus the 9 packets required by the SSL handshake, 12 packets in total.
The main differences between HTTPS and HTTP are as follows:
1. HTTPS requires a certificate from a CA; free certificates are rare, so there is usually a cost.
2. HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure, SSL-encrypted transfer protocol.
3. HTTP and HTTPS connect in completely different ways and use different ports: 80 for HTTP and 443 for HTTPS.
4. An HTTP connection is very simple and stateless; HTTPS is a network protocol built from SSL plus HTTP that provides encrypted transmission and authentication, and is more secure than HTTP.
HTTPS encryption, decryption and verification process (in short: asymmetric public/private-key encryption is used first, then the content is encrypted symmetrically with the key that was exchanged)
1. The client initiates an HTTPS request
There is little to say here: the user enters an HTTPS URL in the browser, which then connects to port 443 on the server.
2. Server-side configuration
A server using HTTPS must have a digital certificate. You can make one yourself or apply to a certificate authority; the difference is that a self-made certificate must be verified (accepted) by the client before access can continue, whereas a certificate obtained from a trusted company does not cause the browser to show a warning page (StartSSL is a good choice, with 1 year of free service).
This certificate is actually a public/private key pair. If public and private keys are unfamiliar, think of a lock and a key: you are the only one in the world who has the key, but you can hand the lock to anyone. Others can lock up something important with it and send it to you, and because only you have the key, only you can see what the lock protects.
3. Sending the certificate
The certificate is essentially the public key, but it also contains a lot of other information, such as the issuing certificate authority and the expiration time.
4. The client parses the certificate
This work is done by the client's TLS implementation. It first checks that the public key is valid, looking at the issuing authority, the expiration time and so on; if anything is wrong, a warning box pops up saying there is a problem with the certificate.
If the certificate is fine, the client generates a random value and encrypts it with the certificate. In the analogy above, it locks the random value with the lock, so the locked content cannot be seen without the key.
5. Sending the encrypted information
What is sent here is the random value encrypted with the certificate. The purpose is to give the server this random value, so that the later communication between the client and the server can be encrypted and decrypted with it.
6. The server decrypts the information
The server decrypts with its private key and obtains the random value the client sent; this random value now serves as the shared key. The content is then encrypted symmetrically with this key. Symmetric encryption means mixing the information and the key together with some algorithm, so that nobody can recover the content without the key, and only the client and the server know this key. As long as the encryption algorithm is strong enough and the key is complex enough, the data is secure.
7. Sending the encrypted content
This is the content the server has encrypted with the shared key; the client can restore it.
8. The client decrypts the information
The client uses the key it generated earlier to decrypt what the server sent and obtains the content. Throughout the whole process, even if a third party overhears the data, it can do nothing with it.
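The following is an added illustration of steps 3 to 8, not code from the original post. It plays both the client and the server with textbook RSA on two fixed, far-too-small Mersenne primes and a SHA-256 keystream as the symmetric cipher, so it models only the sequence of the exchange: the random value travels under the certificate's public key, both sides derive the same symmetric key from it, and everything after that is symmetric encryption. Real TLS relies on vetted libraries, padding, CA-signed certificates and authenticated ciphers; the key parameters, request and response bytes here are constructed.

```python
"""Toy walk-through of the HTTPS flow in steps 3 to 8 above.

Added illustration for this page, not code from the original post. It uses
textbook RSA with two fixed, far-too-small Mersenne primes and a SHA-256
keystream as the symmetric cipher, so it models only the *sequence* of the
exchange; real TLS relies on vetted libraries, padding, CA-signed
certificates and authenticated ciphers.
"""
import hashlib
import os

# Server key pair. The certificate carries (N, E), the "lock"; D is the one "key".
P = 2**61 - 1   # Mersenne primes, chosen so the toy arithmetic is obviously valid
Q = 2**89 - 1
N = P * Q
E = 65537


def _modinv(a, m):
    """Extended Euclid: return x such that (a * x) % m == 1."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % m


D = _modinv(E, (P - 1) * (Q - 1))
SERVER_PUBLIC_KEY = (N, E)    # step 3: travels to the client inside the certificate
SERVER_PRIVATE_KEY = (N, D)   # step 6: never leaves the server


def rsa_encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def symmetric_xor(key, data):
    """Symmetric stream cipher: XOR data with SHA-256(key || counter) blocks.
    The same call both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def session_key_from(random_value):
    """Both sides derive the same symmetric key from the shared random value."""
    return hashlib.sha256(random_value.to_bytes(16, "big")).digest()


def run_exchange(request, response, random_value=None):
    """Play both client and server; return what each side recovered and what
    an eavesdropper on the wire could observe."""
    # Step 4: the client (after checking the certificate) picks a random value
    # and encrypts it with the public key from the certificate.
    if random_value is None:
        random_value = int.from_bytes(os.urandom(16), "big")   # 128 bits, < N
    sealed_value = rsa_encrypt(SERVER_PUBLIC_KEY, random_value)  # step 5: on the wire
    # Step 6: only the private key opens the sealed value.
    server_value = rsa_decrypt(SERVER_PRIVATE_KEY, sealed_value)
    client_key = session_key_from(random_value)
    server_key = session_key_from(server_value)
    # Steps 7 and 8: everything after this is symmetric encryption with that key.
    wire_request = symmetric_xor(client_key, request)
    wire_response = symmetric_xor(server_key, response)
    return {
        "keys_match": client_key == server_key,
        "server_saw_request": symmetric_xor(server_key, wire_request),
        "client_saw_response": symmetric_xor(client_key, wire_response),
        "on_the_wire": (sealed_value, wire_request, wire_response),
    }


def eavesdropper_attempt(on_the_wire, guessed_value):
    """A third party holds only the public key and the wire bytes; without D it
    can only guess the random value, and a wrong guess yields garbage."""
    _sealed_value, wire_request, _wire_response = on_the_wire
    return symmetric_xor(session_key_from(guessed_value), wire_request)


if __name__ == "__main__":
    result = run_exchange(b"GET /account HTTP/1.1", b"HTTP/1.1 200 OK\r\n\r\nbalance=42")
    print(result["keys_match"], result["server_saw_request"], result["client_saw_response"])
```

The point to take from `run_exchange` is the asymmetry of cost: the private key is used exactly once, to open the sealed random value, and the bulk of the traffic is protected by the cheap symmetric cipher keyed from that value, which is why the page describes the two stages in that order.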
IV. The TCP three-way handshake
Establishing a TCP connection takes a three-way handshake, while closing one takes four. The whole process is as follows:
Establishing the connection: first the client sends a connection-request message; the server accepts the connection, replies with an ACK message and allocates resources for the connection. After the client receives the ACK, it also sends an ACK to the server and allocates its own resources, and the TCP connection is established.
Disconnecting: either the client or the server may initiate the close. Suppose the client initiates it by sending a FIN message. When the server receives the FIN, it means "the client has no more data to send to me", but if the server still has unsent data it does not need to close the socket yet and can continue sending. So it first sends an ACK, telling the client: "I received your request, but I am not ready yet, please keep waiting for my message." At this point the client enters the FIN_WAIT state and waits for the server's FIN.
When the server determines that all its data has been sent, it sends a FIN to the client: "OK, my side is finished too, ready to close the connection." The client receives the FIN and knows it can close the connection, but it still does not trust the network: afraid that the server will not learn that it should close, it sends an ACK and enters the TIME_WAIT state, so that the server can retransmit its FIN if the ACK is lost. When the server receives the ACK, it knows it can disconnect. If the client has waited 2MSL without receiving anything further, the server has closed properly and the client can close its end of the connection as well. OK, that is how a TCP connection is closed!
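An added simulation of the two exchanges just described, not code from the original post: it tracks each side's state and sequence/acknowledgement numbers through the 3 segments of the handshake and the 4 segments of the close, including why the closing side lingers in TIME_WAIT. No real sockets are used; the initial sequence numbers are constructed and the 2MSL timer is replaced by an explicit function call.

```python
"""Simulation of the TCP three-way handshake and four-way close described
above, tracking each side's state and sequence/acknowledgement numbers.

Added illustration for this page, not code from the original post. No real
sockets are involved; the initial sequence numbers (ISNs) are constructed and
the 2*MSL timer is replaced by an explicit call."""


class Endpoint:
    def __init__(self, name, isn):
        self.name = name
        self.state = "CLOSED"
        self.seq = isn    # next sequence number this side will send
        self.ack = None   # next sequence number expected from the peer


def segment(sender, flags, seq, ack=None):
    return {"from": sender.name, "flags": flags, "seq": seq, "ack": ack}


def three_way_handshake(client, server):
    """Returns the 3 segments exchanged; a SYN consumes one sequence number."""
    segs = []
    server.state = "LISTEN"
    # 1. client -> server: SYN, the connection request
    segs.append(segment(client, "SYN", client.seq))
    client.state = "SYN_SENT"
    # 2. server -> client: SYN+ACK; the server allocates connection state here
    server.ack = client.seq + 1
    segs.append(segment(server, "SYN,ACK", server.seq, server.ack))
    server.state = "SYN_RCVD"
    # 3. client -> server: ACK; the client allocates its state and is connected
    client.ack = server.seq + 1
    client.seq += 1
    segs.append(segment(client, "ACK", client.seq, client.ack))
    client.state = "ESTABLISHED"
    server.seq += 1
    server.state = "ESTABLISHED"
    return segs


def four_way_close(initiator, peer):
    """Returns the 4 segments exchanged when `initiator` closes first."""
    segs = []
    # 1. initiator -> peer: FIN, "I have no more data to send"
    segs.append(segment(initiator, "FIN,ACK", initiator.seq, initiator.ack))
    initiator.state = "FIN_WAIT_1"
    # 2. peer -> initiator: ACK only; the peer may still have data to send
    peer.ack = initiator.seq + 1
    segs.append(segment(peer, "ACK", peer.seq, peer.ack))
    peer.state = "CLOSE_WAIT"
    initiator.seq += 1
    initiator.state = "FIN_WAIT_2"
    # 3. peer -> initiator: FIN once its own data is done
    segs.append(segment(peer, "FIN,ACK", peer.seq, peer.ack))
    peer.state = "LAST_ACK"
    # 4. initiator -> peer: final ACK; the initiator lingers in TIME_WAIT for
    #    2*MSL so it can re-ACK if this ACK is lost and the peer resends its FIN
    initiator.ack = peer.seq + 1
    segs.append(segment(initiator, "ACK", initiator.seq, initiator.ack))
    initiator.state = "TIME_WAIT"
    peer.seq += 1
    peer.state = "CLOSED"
    return segs


def retransmitted_fin(initiator):
    """The peer's FIN arrives again (our final ACK was lost): an endpoint in
    TIME_WAIT simply re-sends the same ACK instead of treating it as an error."""
    if initiator.state != "TIME_WAIT":
        raise RuntimeError("unexpected FIN in state " + initiator.state)
    return segment(initiator, "ACK", initiator.seq, initiator.ack)


def time_wait_expired(endpoint):
    """Called once 2*MSL has passed with nothing further received."""
    if endpoint.state == "TIME_WAIT":
        endpoint.state = "CLOSED"
    return endpoint.state


if __name__ == "__main__":
    client, server = Endpoint("client", 1000), Endpoint("server", 5000)
    for seg in three_way_handshake(client, server) + four_way_close(client, server):
        print(seg)
    print(client.state, server.state, "->", time_wait_expired(client), server.state)
```

The state names are the standard TCP ones (the page's fin_wait and time_wait are FIN_WAIT_1/FIN_WAIT_2 and TIME_WAIT); the simulation's acknowledgement numbers show why each SYN and FIN "costs" one sequence number, which is how the peer can tell a retransmitted FIN from new data.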
V. The difference between TCP and UDP
TCP is reliable; UDP is unreliable and delivers on a best-effort basis.
1. TCP is connection-oriented (like a phone call, a connection is established first); UDP is connectionless, meaning no connection needs to be established before sending data.
2. TCP provides a reliable service: data sent over a TCP connection is error-free, not lost, not duplicated and arrives in order. UDP delivers on a best-effort basis and does not guarantee reliable delivery.
3. TCP is byte-stream oriented; it treats data as an unstructured stream of bytes. UDP is datagram-oriented and has no congestion control, so network congestion does not reduce the sending rate of the source host (useful for real-time applications such as IP telephony and real-time video conferencing).
4. Each TCP connection is point-to-point only; UDP supports one-to-many, many-to-one and many-to-many interactive communication.
5. The TCP header overhead is 20 bytes; the UDP header is small, only 8 bytes.
6. TCP's logical communication channel is a full-duplex reliable channel; UDP's is an unreliable channel.
VI. The difference between GET and POST
1. How data is transmitted
GET request: the request data is appended to the URL, with ? separating the URL from the data and multiple parameters joined with &. URLs are encoded in ASCII rather than Unicode, meaning all non-ASCII characters are encoded before being transmitted.
POST request: the request data is placed in the body of the HTTP request packet. The item=bandsaw above is the actual data being transferred.
Therefore, GET request data is exposed in the address bar, while POST request data is not.
2. The size of the transmitted data
The HTTP specification sets no limit on the length of the URL or on the size of the transmitted data. In practice, however, for GET the specific browser and server limit the URL length, so the amount of data a GET request can carry is limited by the URL length.
For POST there is theoretically no limit, because the data is not in the URL, but in fact every server limits the size of POST submissions, and Apache and IIS each have their own configuration for this.
3. Security
POST is more secure than GET. Security here means real security, unlike the "safety" mentioned above, which simply means not modifying the server's data. For example, if a login is performed with a GET request, the user name and password are exposed in the URL; since the login page may be cached by the browser and other people can view the browser history, the user name and password are easy for someone else to obtain. In addition, data submitted by GET requests can also enable Cross-Site Request Forgery (CSRF) attacks.
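The following added example (not code from the original post) builds the raw HTTP bytes for the same login form sent with GET and with POST, so you can see where the data travels, how non-ASCII values are percent-encoded, and what a Common Log Format access log records for each: the GET query string lands in the log and the browser history, the POST body does not. It also checks the caveat from section I that both forms are cleartext on the wire under plain HTTP. The host name, path and credentials are constructed.

```python
"""Raw HTTP bytes for the same login form sent with GET and with POST, to show
where the data travels and what a server access log records for each.

Added illustration for this page, not code from the original post. The host,
path and form values are constructed."""
from urllib.parse import parse_qs, urlencode, urlsplit

HOST = "shop.example"   # constructed host name


def build_get(path, fields):
    """GET: fields go into the request target after '?', joined by '&'.
    urlencode turns non-ASCII text into UTF-8 %XX escapes, so the whole
    request is ASCII as the URL rules require."""
    request_line = f"GET {path}?{urlencode(fields)} HTTP/1.1"
    return f"{request_line}\r\nHost: {HOST}\r\n\r\n".encode("ascii")


def build_post(path, fields):
    """POST: the same encoded fields go into the body, not the URL."""
    body = urlencode(fields).encode("ascii")
    head = (
        f"POST {path} HTTP/1.1\r\nHost: {HOST}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("ascii") + body


def access_log_line(raw_request):
    """Common Log Format style line: it records the request line only, so a
    GET's query string lands in the log while a POST body does not."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii")
    return f'{HOST} - - [constructed-timestamp] "{request_line}" 200 512'


def secret_in_log(raw_request, secret):
    return secret in access_log_line(raw_request)


def secret_on_wire(raw_request, secret):
    """Over plain HTTP both forms carry the secret in cleartext; only HTTPS
    (section II) hides the bytes from someone who intercepts them."""
    return secret.encode("utf-8") in raw_request


def get_fields(raw_get_request):
    """Recover the fields from a GET request line, decoding the %XX escapes."""
    target = raw_get_request.split(b" ", 2)[1].decode("ascii")
    return {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}


if __name__ == "__main__":
    form = {"user": "José", "password": "hunter2"}   # constructed credentials
    for raw in (build_get("/login", form), build_post("/login", form)):
        print(access_log_line(raw), "| secret in log:", secret_in_log(raw, "hunter2"))
```

`secret_in_log` is the check a defender cares about: anything in a GET query string is copied into web-server logs, proxy logs and browser history by default, which is the exposure the section describes; `secret_on_wire` is the reminder that moving the field into a POST body changes where it is recorded, not whether it can be read in transit.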