Home > Article > Operation and Maintenance > Quickly learn about HTTP and HTTPS protocols!
#1. What is a protocol?
Network protocol is an "agreement" or "rule" reached between computers to achieve network communication. With this "agreement", production equipment from different manufacturers, and Communication can be achieved between computers composed of different operating systems.
2. What is the HTTP protocol?
HTTP protocol is the abbreviation of Hypertext Transfer Protocol, and the English name is Hyper Text Transfer Protocol. It is a transmission protocol for transmitting Hypertext Markup Language (HTML) from a WEB server to a local browser.
The original purpose of designing HTTP was to provide a method for publishing and receiving HTML pages.
HTPP has multiple versions, and the HTTP/1.1 version is currently widely used.
3.HTTP principle
HTTP is a protocol that transmits data based on the TCP/IP communication protocol. The data type transmitted is HTML files. ,, picture files, query results, etc.
HTTP protocol is generally used in B/S architecture (). As an HTTP client, the browser sends all requests to the HTTP server, that is, the WEB server, through the URL.
Let’s take visiting Baidu as an example:
4.HTTP features
5. The difference between URI and URL
HTTP uses Uniform Resource Identifiers (URI) to transfer data and establish connections.Identifier
Location symbol
6. HTTP message composition
Request message composition
1. Request line: including request method, URL, protocol/versionResponse message composition
1. Status line7. Common request methods
GET: Request the specified page information and return the entity body.
POST: Submit data to the specified resource for processing request (such as submitting a form or uploading a file). The data is included in the request body. POST requests may result in the creation of new resources and/or modification of existing resources.
HEAD: Similar to a get request, except that there is no specific content in the returned response, used to obtain the header
PUT: From the client The data transmitted from the client to the server replaces the contents of the specified document.
DELETE: Request the server to delete the specified page.
get request
post request
both contain request headers and request lines, while post has more request bodies.
When accessing a web page, the browser will send a message to the web server ask. The server where this web page is located will return an information header containing an HTTP status code in response to the browser's request.
Status code classification
:1XX- Informational type, the server receives the request and needs the requester to continue the operation.
200 OK - Client request successful
##302 - Temporary jump
400 Bad Request - The client request has a syntax error and cannot be understood by the server
401 Unauthorized - The request is unauthorized, this status code must be the same as WWW- Use the Authenticate header field together
404 - The requested resource does not exist, the wrong URL may have been entered
500 - An unexpected error occurred within the server
##503 Server Unavailable - The server is currently unable to process the client's request and may return to normal after a period of time.
In actual use, most websites now use the https protocol, which is also the future development trend of the Internet. The following is the login request process of a blog website captured through wireshark. You can see that the accessed account and password are all transmitted in clear text, so the request sent by the client is very It is easy to be intercepted and exploited by criminals. Therefore, the HTTP protocol is not suitable for transmitting some sensitive information, such as various account numbers, passwords and other information. It is very unsafe to use the HTTP protocol to transmit private information. Generally, there are the following problems in http: The request information is transmitted in clear text and is easily intercepted by eavesdropping. The integrity of the data has not been verified and is easily tampered with The identity of the other party has not been verified, and there is a risk of impersonation 10. What is HTTPS? In order to solve the above problems of HTTP, HTTPS is used. HTTPS protocol (HyperText Transfer Protocol over Secure Socket Layer): Generally understood as HTTP SSL/TLS, the identity of the server is verified through the SSL certificate and the communication between the browser and the server is encrypted. So what is SSL? SSL (Secure Socket Layer): Developed by Netscape in 1994, the SSL protocol is located between the TCP/IP protocol and various application layer protocols. It is a data Communication provides security support. TLS (Transport Layer Security, Transport Layer Security): Its predecessor is SSL. Its first few versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape and were adopted starting from 3.1 in 1999. The IETF standardized and renamed it, and now there are three versions: TLS 1.0, TLS 1.1, and TLS 1.2. SSL3.0 and TLS1.0 are rarely used due to security vulnerabilities. TLS 1.3 will have major changes and is still in the draft stage. The most widely used ones are TLS 1.1 and TLS 1.2. SSL development history (Internet encrypted communication) 1. In 1994, NetSpace designed version 1.0 of the SSL protocol (Secure Sockets Layout), but it was not released. 2. NetSpace released the SSL/2.0 version in 1995, and serious vulnerabilities were quickly discovered 3. The SSL/3.0 version was released in 1996 and was widely used 4 , In 1999, the SSL upgraded version TLS/1.0 was released, which is currently the most widely used version 5. In 2006 and 2008, TLS/1.1 and TLS/1.2 versions #11. What is the process of the browser using HTTPS to transmit data? 2. After receiving the client's request, the server will send a copy of the certificate information supported by the website (the certificate contains the public key) to the client. 3. The client's server begins to negotiate the security level of the SSL connection, which is the level of information encryption. 4. The client's browser establishes a session key based on the security level agreed by both parties, then uses the website's public key to encrypt the session key and transmits it to the website. 5. The server uses its own private key to decrypt the session key. 6. The server uses the session key to encrypt the communication with the client. 12. Disadvantages of HTTPS 13. Summarize the difference between HTTPS and HTTP Recommended tutorial: Web server security
The HTTPS protocol has multiple handshakes, causing the page loading time to be extended by nearly 50% ;
HTTPS is the security of HTTP protocol Version, the data transmission of the HTTP protocol is clear text and is unsafe. HTTPS uses the SSL/TLS protocol for encryption.
The above is the detailed content of Quickly learn about HTTP and HTTPS protocols!. For more information, please follow other related articles on the PHP Chinese website!