Want to learn about HTTP/2 and HTTPS?

Source: Internet
Author: User
Tags: asymmetric encryption

1. Preface

Only a bald head can become stronger.

Earlier HTTP posts on this blog:

    • PC version: HTTP is so simple
    • PC version: HTTP interview questions are here
    • WeChat account version: HTTP is so simple
    • WeChat account version: HTTP interview questions are here

This article tries to clear up each of these points; I hope you get something out of it.

2. The past and present of the HTTP protocol

Recently, while reading blogs, I noticed that some interview questions now cover HTTP/2, so I went and learned about it.

So far there have been three HTTP versions in common use:

    • HTTP/1.0
    • HTTP/1.1
    • HTTP/2

Here is a brief look at the differences between the three, plus the extra points you need to know.

2.1 Differences between the HTTP versions

2.1.1 HTTP/1.0 vs HTTP/1.1

The main difference between HTTP/1.0 and HTTP/1.1:

    • HTTP/1.1 uses persistent connections by default!

HTTP/1.0 uses short-lived connections by default:

Simply put: every exchange with the server opens a new TCP connection!

Imagine: requesting an image opens a connection, requesting a CSS file opens another, requesting a JS file opens yet another. HTTP runs over TCP, and every TCP connection pays for the three-way handshake, the four-way teardown, slow start... all of that costs resources!

HTTP/1.1 uses persistent connections by default: one connection is established and many requests are served over it! (When that connection is busy, the browser opens another TCP connection rather than wait.)

Besides persistent connections, the other important changes are:

    • HTTP/1.1 added the Host header field, so one IP address can serve many virtual hosts
    • HTTP/1.1 introduced chunked transfer coding (Transfer-Encoding: chunked: the body is sent as a sequence of length-prefixed chunks, so the total length need not be known up front) and range requests (Range / Content-Range with 206 Partial Content), which make resumable downloads possible
    • HTTP/1.1 pipelining: in theory a client can send several requests back to back without waiting for each response
      • Note: pipelining stayed largely theoretical; most desktop browsers shipped with it disabled!
      • So applications on HTTP/1.1 typically open several TCP connections in parallel instead!

Resources:

    • https://www.cnblogs.com/gofighting/p/5421890.html

2.1.2 HTTP/2 basics

Before discussing HTTP/2, it helps to see the difference between HTTP/2 and HTTP/1.1 visually:

    • https://http2.akamai.com/demo

As mentioned, HTTP/1.1 proposed pipelining, but it remained largely theoretical and is disabled by default.

Pipelined versus non-pipelined:

HTTP pipelining sends several HTTP requests over one TCP connection back to back, without waiting for the server's response to the previous request; but the client must still receive the responses in the order the requests were sent!

It is like queueing at a supermarket checkout or a bank counter: you have no idea whether the customer in front of you will be done quickly or will keep the cashier/teller busy forever. The server (the cashier/teller) processes requests in order, so if an earlier request is slow (a slow customer), every request behind it waits.

    • In HTTP/1.0, after sending a request the client waits for the server's response before it can send the next one.
    • In HTTP/1.1 with pipelining, the client can send the next request without waiting, but when the data comes back the client must still consume the responses one by one, in order.
    • So both HTTP/1.0 and HTTP/1.1 (even with its pipelining) suffer from blocking. The technical term is head-of-line blocking, abbreviated HOLB.
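The following is an added example and not code from the original post. It shows the framing problem that persistent connections and pipelining create on the client side: several responses arrive back to back on one TCP connection, in request order, and the client must find each message boundary from Content-Length or from chunked transfer coding before it can hand the next response to the right request. The parser is deliberately strict: it refuses a response that carries both Transfer-Encoding and Content-Length, rejects chunk sizes that are not plain hex digits, and refuses a response with no framing at all, since such a body would only end when the connection closes. The sample response bytes and the function names are constructed for this example.

```python
import re

# Strict chunk-size syntax: 1..8 hex digits, no whitespace (RFC 7230 section 4.1).
# Lenient parsers that accept "7 " or "07\t" are a classic source of disagreement
# between a front-end proxy and the server behind it.
_CHUNK_SIZE = re.compile(rb"[0-9A-Fa-f]{1,8}")


def _read_line(buf, off):
    """Return (line without CRLF, offset after the CRLF); ValueError if no CRLF follows."""
    end = buf.index(b"\r\n", off)
    return buf[off:end], end + 2


def _decode_chunked(buf, off):
    """Decode a chunked body starting at off; returns (body, offset after the final CRLF)."""
    body = bytearray()
    while True:
        line, off = _read_line(buf, off)
        size_field = line.split(b";", 1)[0]          # drop any chunk extension
        if not _CHUNK_SIZE.fullmatch(size_field):
            raise ValueError("malformed chunk size: %r" % line)
        size = int(size_field, 16)
        if size == 0:                                 # last chunk: optional trailers, then an empty line
            while True:
                trailer, off = _read_line(buf, off)
                if trailer == b"":
                    return bytes(body), off
        chunk = buf[off:off + size]
        if len(chunk) != size or buf[off + size:off + size + 2] != b"\r\n":
            raise ValueError("truncated chunk or missing chunk CRLF")
        body += chunk
        off += size + 2


def split_responses(stream):
    """Split back-to-back responses read from one persistent connection into
    (status, headers, body) tuples, in arrival order (= request order)."""
    responses, off = [], 0
    while off < len(stream):
        head_end = stream.index(b"\r\n\r\n", off)
        lines = stream[off:head_end].decode("latin-1").split("\r\n")
        status = int(lines[0].split(" ", 2)[1])      # "HTTP/1.1 200 OK" -> 200
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        off = head_end + 4
        te, cl = headers.get("transfer-encoding", "").lower(), headers.get("content-length")
        if te and cl is not None:
            # RFC 7230 says Transfer-Encoding wins, but two framing signals that can
            # disagree is exactly what a cautious parser should refuse outright.
            raise ValueError("both Transfer-Encoding and Content-Length present")
        if te == "chunked":
            body, off = _decode_chunked(stream, off)
        elif cl is not None:
            if not cl.isdigit():
                raise ValueError("invalid Content-Length: %r" % cl)
            n = int(cl)
            body = stream[off:off + n]
            if len(body) != n:
                raise ValueError("truncated body")
            off += n
        else:
            # No length and not chunked: the body would run until the connection closes,
            # which is incompatible with reusing the connection for the next response.
            raise ValueError("response has no framing; cannot keep the connection alive")
        responses.append((status, headers, bytes(body)))
    return responses


# Constructed sample: three pipelined responses on one connection, in request order.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nContent-Length: 12\r\n\r\na{color:red}"
    b"HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"7;ext=1\r\nconsole\r\n6\r\n.log()\r\n0\r\nX-Checksum: abc\r\n\r\n"
    b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n<h1>404</h1>"
)

if __name__ == "__main__":
    for status, headers, body in split_responses(SAMPLE_STREAM):
        print(status, headers.get("content-type"), body)
```

The refusal of a response with both Transfer-Encoding and Content-Length is a choice for a client you control; a proxy that must interoperate with arbitrary origins would instead normalise to one framing before forwarding.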
2.1.3 HTTP/1.1 vs HTTP/2

The most important difference between HTTP/2 and HTTP/1.1 is that it solves head-of-line blocking at the HTTP layer! The key change is multiplexing. (Head-of-line blocking at the TCP layer remains: one lost segment stalls every stream on the connection, which is the problem HTTP/3 over QUIC later addressed.)

    • Multiplexing means HTTP-level head-of-line blocking is no longer a problem: many request/response exchanges run concurrently over a single HTTP/2 connection, so the HTTP/1.x optimisations that merge several requests into one no longer apply.
      • (Since HTTP/1.1 pipelining never made it into practice, sites reduced the number of HTTP requests by merging them: spriting (combining many images into one image), inlining (embedding image data directly in the CSS as data URLs), concatenation (one request downloads several JS files bundled together), sharding (spreading requests across several hostnames), and so on.)

HTTP/2 in use looks roughly like this (diagram in the original post):

The core of all HTTP/2 performance improvements is the new binary framing layer (messages are no longer transmitted in text form), which defines how HTTP messages are encapsulated and transferred between client and server.

Although the wire format looks completely different from HTTP/1.x, HTTP/2 does not change HTTP/1.x semantics; it only re-encapsulates the HTTP/1.x headers and body in frames.

Every frame transmitted on an HTTP/2 connection is associated with a "stream". A stream is an independent, bidirectional sequence of frames; client and server can exchange data over many streams concurrently on one HTTP/2 connection.

On the wire it looks like this (diagram in the original post):

HTTP/2 brings some other important changes:

    • Header compression with HPACK (designed after the CRIME attack showed that compressing headers with a general-purpose algorithm such as DEFLATE leaks secrets; HPACK uses static and dynamic tables plus Huffman coding instead)
    • Server push
      • Introduction to HTTP/2 push: 1190000015773338 (note that browsers have since dropped it; Chrome removed support in 2022)
    • Flow control
      • Per-stream and per-connection flow control for data in transit (TCP flow control only works at connection granularity)
    • Stream priority, used to tell the peer which streams matter more.
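An added example, not from the original post or from any HTTP/2 library: it builds and parses HTTP/2 frames with the 9-byte frame header, reassembles two client streams whose frames interleave on one connection (the multiplexing described above), and applies three checks a server has to make on what the peer sends: a frame larger than the advertised SETTINGS_MAX_FRAME_SIZE, a client stream with an even identifier, and DATA that exceeds the connection-level flow-control window. HPACK header blocks are treated as opaque bytes. The sample frames, the `<hpack>` placeholder payloads and all function names are constructed for this example.

```python
import struct

# Frame types and flags used here (RFC 7540 section 6); other types are passed through untouched.
DATA, HEADERS = 0x0, 0x1
FLAG_END_STREAM = 0x1
DEFAULT_MAX_FRAME_SIZE = 16_384      # SETTINGS_MAX_FRAME_SIZE default
DEFAULT_WINDOW = 65_535              # initial connection flow-control window (bytes of DATA)


def build_frame(ftype, flags, stream_id, payload=b""):
    """9-byte frame header: 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id."""
    if len(payload) > DEFAULT_MAX_FRAME_SIZE:
        raise ValueError("payload exceeds SETTINGS_MAX_FRAME_SIZE")
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload)


def parse_frames(buf):
    """Yield (type, flags, stream_id, payload); oversized or truncated frames are errors."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 9:
            raise ValueError("truncated frame header")
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = struct.unpack("!I", buf[off + 5:off + 9])[0] & 0x7FFFFFFF
        if length > DEFAULT_MAX_FRAME_SIZE:   # the peer must not exceed what we advertised
            raise ValueError("FRAME_SIZE_ERROR: %d-byte frame" % length)
        payload = buf[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        yield ftype, flags, stream_id, payload
        off += 9 + length


def demux(buf):
    """Server-side view of one connection: reassemble each client stream's DATA and account
    the connection-level flow-control window. Returns (bodies_by_stream, finished_streams, window_left)."""
    bodies, finished, window = {}, set(), DEFAULT_WINDOW
    for ftype, flags, sid, payload in parse_frames(buf):
        if ftype in (DATA, HEADERS):
            if sid == 0 or sid % 2 == 0:     # client-initiated streams are odd (section 5.1.1)
                raise ValueError("PROTOCOL_ERROR: frame type %d on stream %d" % (ftype, sid))
            if sid in finished:
                raise ValueError("STREAM_CLOSED: frame on finished stream %d" % sid)
        if ftype == HEADERS:
            bodies.setdefault(sid, bytearray())   # HPACK block not decoded here; it opens the stream
        elif ftype == DATA:
            if sid not in bodies:
                raise ValueError("PROTOCOL_ERROR: DATA before HEADERS on stream %d" % sid)
            window -= len(payload)
            if window < 0:
                raise ValueError("FLOW_CONTROL_ERROR: sender exceeded the connection window")
            bodies[sid] += payload
        if ftype in (DATA, HEADERS) and flags & FLAG_END_STREAM:
            finished.add(sid)
    return {sid: bytes(b) for sid, b in bodies.items()}, finished, window


# Constructed sample: two client requests (streams 1 and 3) whose frames interleave on one connection.
SAMPLE_CONNECTION = b"".join([
    build_frame(HEADERS, 0x4, 1, b"<hpack>"),      # 0x4 = END_HEADERS; header block left opaque
    build_frame(HEADERS, 0x4, 3, b"<hpack>"),
    build_frame(DATA, 0, 1, b"hello "),
    build_frame(DATA, 0, 3, b"wor"),
    build_frame(DATA, FLAG_END_STREAM, 1, b"world"),
    build_frame(DATA, FLAG_END_STREAM, 3, b"ld"),
])

if __name__ == "__main__":
    print(demux(SAMPLE_CONNECTION))
```

A real endpoint also tracks a per-stream window and sends WINDOW_UPDATE frames to replenish both; the connection-level accounting shown here is the part that protects the server's memory from one client flooding many streams at once.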
2.2 HTTP/2 summary

New in HTTP/1.1:

    • Persistent connections
    • Request pipelining
    • Better cache handling (new fields such as Cache-Control)
    • Host header field, range requests for resumable transfers, etc.

New in HTTP/2:

    • Binary framing
    • Multiplexing
    • Header compression (HPACK)
    • Server push

Resources:

    • HTTP/2 GitBook (Chinese edition of "http2 explained"): https://legacy.gitbook.com/book/ye11ow/http2-explained/details
    • What are the major improvements in HTTP/2 compared with 1.0? https://www.zhihu.com/question/34074946
    • Analysis of the new features of HTTP/2: 1190000002765886
    • HTTP/2 study materials: https://imququ.com/post/http2-resource.html
    • Introduction to HTTP/2 and HTTP/2-based web optimisation: http://caibaojian.com/toutiao/6641
    • Introduction to how HTTP/2 works: https://blog.qingf.me/?p=600
    • What does HTTP/2 improve for today's web access, and where does it show? https://www.zhihu.com/question/24774343/answer/96586977
    • HTTP/2 notes and multiplexing: http://www.blogjava.net/yongboy/archive/2015/03/19/423611.aspx

2.3 HTTPS revisited

I was once asked about HTTPS and SSL in an interview and could not answer, so I am tidying that up briefly here too.

First, the basics:

    • Symmetric encryption:
      • Encryption and decryption use the same key
    • Asymmetric encryption:
      • Encrypt with the public key, decrypt with the private key
      • (The private key is known only to its owner; the public key is known to everyone)
    • Digital signature:
      • Proves that the content really was sent by the claimed party (produced with their private key, checked with their public key)
      • and that the data has not been tampered with
    • Digital certificate, issued by a certificate authority (CA):
      • The CA vouches that a public key really belongs to the server it claims to belong to

3y's communication journey (3y is the author):

  • Prehistoric era: 3y and his girlfriend chat with no encryption at all, everything sent in the clear
    • Anyone can read the content; there is no privacy to speak of
  • Ancient era: symmetric encryption is used so that only the two of them can read the data
    • Now there is a problem: the key cannot be sent over the network (nothing is encrypted yet, so that would be unsafe). So 3y and his girlfriend meet once in person, agree on the key, and only then start chatting.
  • Medieval era: 3y wants to chat not only with his girlfriend but also with Mum and Dad (without leaking those conversations either). With this many people, does he have to arrange a meeting with each of them? (Maintaining many symmetric keys is a hassle!) ---> So asymmetric encryption is used.
    • 3y keeps one key for himself and tells nobody (the private key). He gives his girlfriend, Mum and Dad another key (this one is public; anyone may have it ---> the public key). Before sending him a message they encrypt it with the public key he gave them; when 3y receives it he decrypts it with his private key, which only he has!
  • Early modern era: a new problem. Outsiders do not know the private key and cannot recover the original data, but the data is only encrypted, not protected against modification: they can cut part of it away or alter it and forward the result, so the server ends up with data that is incomplete or changed.
    • 3y's girlfriend sends "3y, I like you", encrypts it with 3y's public key and sends it to 3y. A malicious party intercepts the ciphertext; he cannot read the original message, but he can modify the encrypted data and pass it on. Perhaps what 3y ends up with is "3y, you kneel on the keyboard tonight".
  • Modern era: the data received may have been tampered with, and digital signatures solve that. A signature is also built on asymmetric cryptography, but the keys are used the other way round: compute the hash of the original message, transform the hash with the private key (this is the signature), and at the other end reverse the transformation with the public key and compare the result with a freshly computed hash. If they differ, the message was tampered with. (The private key is applied at one end and the public key at the other, which also proves who sent it. "Encrypting with the private key" is a simplification that only really describes textbook RSA; real signature schemes are separate, padded operations.)
  • Present day: digital signatures look foolproof, but there is still a problem. Asymmetric encryption encrypts with a public key, and if that public key is forged (an attacker hands you his own key claiming it is 3y's), every subsequent signature check is meaningless. In short: a man-in-the-middle attack is still possible. That is why a CA is needed to confirm that the public key is genuine!

If digital signatures and CA certification are still unclear, see:

    • Ruan Yifeng: http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
    • What are digital signatures and certificates? https://www.jianshu.com/p/9db57e761255

Back to HTTPS: HTTPS is simply HTTP with an SSL layer inserted between HTTP and TCP (the protocol in use today is TLS).

HTTPS uses hybrid encryption: asymmetric cryptography to agree on a key, symmetric cryptography for the bulk data.

The process, as it works with the RSA key exchange of TLS 1.2 and earlier:

    • The user initiates a secure-connection request to the web server
    • The server returns its CA-signed digital certificate, which contains the server's public key
    • The user's browser validates the certificate: it checks the CA's signature over it using the CA public key built into the browser's trust store, and checks that the name in the certificate matches the site (the server's public key is not encrypted; what is signed is its binding to the name)
    • The user generates a key for the subsequent symmetric cipher, encrypts it with the server's public key and sends it to the web server
      • Only the server has the private key that can decrypt it, so an intercepting middleman cannot read the key
    • The server decrypts the key, and the rest of the communication with the user uses the symmetric cipher

(Modern TLS 1.2 configurations and TLS 1.3 no longer encrypt the session key with the server's public key; both sides run an ephemeral Diffie-Hellman exchange and the certificate's key only signs the server's half. That gives forward secrecy: a server private key stolen later cannot decrypt recorded traffic, which RSA key transport cannot offer.)
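An added example, not the post's own code, that ties together the 3y story above and the HTTPS steps just listed. It implements a toy textbook RSA (no padding, 512-bit modulus, for illustration only and not for real use) to show hash-then-sign and verify, a CA that signs the binding between a name and a public key, and both sides of the RSA key-transport handshake of TLS 1.2 and earlier; it then shows the forged-certificate attack being rejected and an intercepting Mallory being unable to recover the session key. The name 3y.example, the character Mallory and all function names are assumptions for the example; it needs Python 3.8 or later for `pow(e, -1, phi)`.

```python
import hashlib
import random

# Toy textbook RSA (no padding, 512-bit modulus). It shows the mechanics of the story above;
# real TLS uses standardised signature schemes (RSA-PSS, ECDSA, Ed25519) and larger keys.
def _probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if _probable_prime(candidate, rng):
            return candidate

def keygen(bits=512, rng=random.SystemRandom()):
    """Return (public, private) as ((e, n), (d, n)). Needs Python 3.8+ for the modular inverse."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(priv, msg):        # hash first, then apply the private key to the hash
    d, n = priv
    return pow(_digest(msg), d, n)

def verify(pub, msg, sig):  # apply the public key to the signature, compare with a fresh hash
    e, n = pub
    return pow(sig, e, n) == _digest(msg)

def encrypt(pub, m):
    e, n = pub
    return pow(m, e, n)

def decrypt(priv, c):
    d, n = priv
    return pow(c, d, n)

# A certificate is the issuer's signature over the binding (name, public key).
# Clients hold only the CA's public key and trust nothing else.
def _cert_tbs(name, pub):
    return ("%s|%d|%d" % (name, pub[0], pub[1])).encode()

def issue_cert(issuer_priv, name, pub):
    return {"name": name, "pub": pub, "sig": sign(issuer_priv, _cert_tbs(name, pub))}

def verify_cert(ca_pub, cert, expected_name):
    return cert["name"] == expected_name and verify(ca_pub, _cert_tbs(cert["name"], cert["pub"]), cert["sig"])

# The handshake outline above, both sides (RSA key transport, as in TLS 1.2 and earlier).
def client_handshake(ca_pub, cert, server_name, rng=random.SystemRandom()):
    """Check the certificate against the trusted CA and the expected name, then encrypt a fresh session key to it."""
    if not verify_cert(ca_pub, cert, server_name):
        raise ValueError("certificate is not a CA-signed binding for %s" % server_name)
    session_key = rng.getrandbits(128)
    return session_key, encrypt(cert["pub"], session_key)

def server_handshake(server_priv, encrypted_key):
    return decrypt(server_priv, encrypted_key)

def signature_demo():
    """'Modern era' of the story: a signature exposes tampering. Returns (genuine_verifies, tampered_verifies)."""
    pub, priv = keygen()
    sig = sign(priv, b"3y, I like you")
    return verify(pub, b"3y, I like you", sig), verify(pub, b"3y, you kneel on the keyboard tonight", sig)

def handshake_demo():
    """Returns (honest_exchange_ok, forged_certificate_rejected, mallory_cannot_read_key)."""
    ca_pub, ca_priv = keygen()
    srv_pub, srv_priv = keygen()
    mal_pub, mal_priv = keygen()      # Mallory, the man in the middle (assumed name)
    srv_cert = issue_cert(ca_priv, "3y.example", srv_pub)
    key, enc_key = client_handshake(ca_pub, srv_cert, "3y.example")
    honest = server_handshake(srv_priv, enc_key) == key
    # 'Present day': Mallory substitutes a certificate for her own key. It is signed, but not by the CA.
    fake_cert = issue_cert(mal_priv, "3y.example", mal_pub)
    try:
        client_handshake(ca_pub, fake_cert, "3y.example")
        rejected = False
    except ValueError:
        rejected = True
    # If she forwards the genuine certificate instead, the encrypted key is useless without the server's private key.
    cannot_read = server_handshake(mal_priv, enc_key) != key
    return honest, rejected, cannot_read
```

In TLS 1.3 the key-transport step is replaced by an ephemeral Diffie-Hellman exchange that the certificate's key signs; the certificate check in `client_handshake` (CA signature plus name match) is the part that survives unchanged, and skipping either half of it is what turns a real client into the girlfriend who accepts whatever public key arrives.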

So compared with HTTP, HTTPS transmission is more secure:

    • (1) All traffic is encrypted, so an eavesdropper cannot read it.
    • (2) It has an integrity check, so any tampering is detected immediately by both parties.
    • (3) It carries an identity certificate, so the server cannot be impersonated.

Resources:

    • What is the relationship between digital signatures, digital certificates, SSL and HTTPS? https://www.zhihu.com/question/52493697/answer/131015846
    • How SSL/TLS works: https://zhuanlan.zhihu.com/p/36981565
    • HTTPS series: https://tech.upyun.com/article/192/HTTPS%E7%B3%BB%E5%88%97%E5%B9%B2%E8%B4%A7%EF%BC%88%E4%B8%80%EF%BC%89%ef%bc%9ahttps%20%e5%8e%9f%e7%90%86%e8%af%a6%e8%a7%a3.html
    • Complete configuration manual for upgrading a website from HTTP to HTTPS: https://www.cnblogs.com/powertoolsteam/p/http2https.html

3. Summary

I am still learning; I write up the problems I run into and organise them here, hoping they help others. If something in the article is wrong, please correct me in the comments so we can learn from each other.

Resources:

    • "Illustrated HTTP" (《图解HTTP》)

If anything in the article is wrong, corrections are welcome; let us learn from each other. If you are used to reading technical articles and want more Java resources, follow the WeChat public account Java3y. For convenience I have also opened a QQ group: 742919422, where we can chat too. Thanks for your support! I hope you will share this with other friends who need it.

Article directory:

    • https://zhongfucheng.bitcron.com/post/shou-ji/wen-zhang-dao-hang
