
Quickly learn about HTTP and HTTPS protocols!

青灯夜游
2020-06-17 11:06:04


1. What is a protocol?

A network protocol is an "agreement" or "rule" reached between computers to achieve network communication. With this "agreement", equipment produced by different manufacturers and computers running different operating systems can communicate with each other.

2. What is the HTTP protocol?

HTTP is the abbreviation of Hypertext Transfer Protocol. It is a transmission protocol for transmitting Hypertext Markup Language (HTML) from a web server to a local browser.

The original purpose of designing HTTP was to provide a method for publishing and receiving HTML pages.

HTTP has multiple versions, and the HTTP/1.1 version is currently widely used.

3. HTTP principle

HTTP is a protocol that transmits data on top of the TCP/IP communication protocol. The data transmitted includes HTML files, picture files, query results, etc.

The HTTP protocol is generally used in the B/S (browser/server) architecture. As an HTTP client, the browser sends all requests to the HTTP server, that is, the web server, through the URL.

Let’s take visiting Baidu as an example:


[Figure: Access Baidu process]

4. HTTP features

  • HTTP supports the client/server model and is also a request/response protocol.

  • Simple and fast: When a client requests a service from the server, it only needs to transmit the request method and path. Commonly used request methods are GET, HEAD, and POST.

  • Flexible: HTTP allows the transmission of any type of data object. The type of transmission is marked by Content-Type.

  • Connectionless: Each connection is limited to processing only one request. After the server processes the request and receives the response from the client, it disconnects, but this is not conducive to maintaining a session between the client and the server. To make up for this shortcoming, two technologies for recording HTTP state were developed: one is called Cookie, the other is called Session.

  • Stateless: Stateless means that the protocol has no memory for transaction processing. If subsequent processing requires the previous information, it must be retransmitted.

5. The difference between URI and URL

HTTP uses Uniform Resource Identifiers (URI) to transfer data and establish connections.

  • URI: Uniform Resource Identifier

  • URL: Uniform Resource Locator

URI is used to mark a specific resource. We can know what a resource is through the URI.

URL is used to locate specific resources and marks a specific resource location. Every file on the Internet has a unique URL.

6. HTTP message composition

Request message composition

1. Request line: including request method, URL, protocol/version


2. Request Header


3. Request body

[Figure: Request message composition]

Response message composition

1. Status line


2. Response header


3. Response body

[Figure: Response message composition]

7. Common request methods

  • GET: Request the specified page information and return the entity body.

  • POST: Submit data to the specified resource for processing (such as submitting a form or uploading a file). The data is included in the request body. POST requests may result in the creation of new resources and/or modification of existing resources.

  • HEAD: Similar to a GET request, except that the returned response has no body; it is used to obtain the headers.

  • PUT: The data transmitted from the client to the server replaces the contents of the specified document.

  • DELETE: Request the server to delete the specified page.

[Figure: GET request]

[Figure: POST request]

The difference between POST and GET:

  • Both contain a request line and request headers, while POST additionally has a request body.
  • GET is mostly used for querying. The request parameters are placed in the URL and do not affect the content on the server. POST is used for submitting, for example putting the account and password in the body.
  • GET parameters are appended directly to the end of the URL, and the content can be seen directly in the URL, while POST data is placed inside the message and cannot be seen directly by the user.
  • The length of data submitted by GET is limited because the URL length is limited. The specific length limit depends on the browser. POST has no such limit.
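
The three-part layout of request and response messages and the GET/POST difference listed above, as an added Python example (not part of the original article): a small parser run on constructed messages. The host `www.example.com`, the paths and the credentials are made up for illustration.

```python
from urllib.parse import parse_qs, urlsplit

def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 message into start line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")   # blank line ends the headers
    if not sep:
        raise ValueError("no blank line after the header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError("malformed start line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:                # ignore bytes past the body
        body = body[: int(headers["content-length"])]
    if start[0].startswith("HTTP/"):               # status line: a response
        first = {"type": "response", "version": start[0],
                 "status": int(start[1]), "reason": start[2]}
    else:                                          # request line: a request
        first = {"type": "request", "method": start[0],
                 "target": start[1], "version": start[2]}
    return {**first, "headers": headers, "body": body}

def request_parameters(msg: dict) -> dict:
    """Show where a request carries its parameters: URL query or body."""
    query = parse_qs(urlsplit(msg["target"]).query)
    ctype = msg["headers"].get("content-type", "")
    form = {}
    if ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(msg["body"].decode("utf-8"))
    return {"url": query, "body": form}

# Constructed sample messages (not captured traffic).
GET_REQ = b"GET /search?q=http HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
POST_REQ = (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 27\r\n\r\nuser=alice&password=s3cret!")
RESPONSE = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
            b"Content-Length: 9\r\n\r\nNot Found")
```

The POST body parses out just as easily as the GET query string: POST keeps parameters out of the address bar, not away from anyone who can read the bytes on the wire.
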
8. Response status code

When accessing a web page, the browser sends a request to the web server. The server hosting the web page returns a header containing an HTTP status code in response to the browser's request.

Status code classification:

  • 1XX - Informational: the server has received the request and the requester needs to continue the operation.

  • 2XX - Success: the request was successfully received, understood and processed.

  • 3XX - Redirect: further action is required to complete the request.

  • 4XX - Client error: the request contained a syntax error or could not be completed.

  • 5XX - Server error: an error occurred while the server was processing the request.

Common status codes:

  • 200 OK - Client request successful

  • 301 - Resources (web pages, etc.) are permanently transferred to other URLs

  • 302 - Temporary jump

  • 400 Bad Request - The client request has a syntax error and cannot be understood by the server

  • 401 Unauthorized - The request is unauthorized; this status code must be used together with the WWW-Authenticate header field

  • 404 - The requested resource does not exist; the wrong URL may have been entered

  • 500 - An unexpected error occurred within the server

  • 503 Service Unavailable - The server is currently unable to process the client's request and may return to normal after a period of time.


9. Why use HTTPS?

In actual use, most websites now use the HTTPS protocol, which is also the future development trend of the Internet. The following is the login request process of a blog website captured through Wireshark.

[Figure: Blog login packet capture]

You can see that the account and password are transmitted in clear text, so the request sent by the client is very easy for criminals to intercept and exploit. Therefore, the HTTP protocol is not suitable for transmitting sensitive information such as account numbers and passwords. It is very unsafe to use the HTTP protocol to transmit private information.

Generally, HTTP has the following problems:

  • The request information is transmitted in clear text and is easily eavesdropped on.

  • The integrity of the data is not verified, so it is easily tampered with.

  • The identity of the other party is not verified, so there is a risk of impersonation.

10. What is HTTPS?

In order to solve the above problems of HTTP, HTTPS is used.

HTTPS protocol (HyperText Transfer Protocol over Secure Socket Layer): Generally understood as HTTP + SSL/TLS. The identity of the server is verified through the SSL certificate, and the communication between the browser and the server is encrypted.

So what is SSL?

SSL (Secure Socket Layer): Developed by Netscape in 1994, the SSL protocol is located between the TCP/IP protocol and various application layer protocols. It provides security support for data communication.

TLS (Transport Layer Security): Its predecessor is SSL. The first few versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape; starting from version 3.1 in 1999, the protocol was standardized and renamed by the IETF, and now there are three versions: TLS 1.0, TLS 1.1, and TLS 1.2. SSL 3.0 and TLS 1.0 are rarely used due to security vulnerabilities. TLS 1.3 will have major changes and is still in the draft stage. The most widely used ones are TLS 1.1 and TLS 1.2.
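
One way to check that a client really gets the identity verification and protocol versions described above, as an added Python example (not from the original article): it audits an `ssl.SSLContext` for settings that bring back the impersonation and legacy-protocol problems. The TLS 1.2 floor and the function names are this example's own choices.

```python
import ssl

def audit_client_context(ctx: ssl.SSLContext) -> list:
    """List settings that give up what HTTPS adds over plain HTTP."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not verified: server identity unproven")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate for another site passes")
    # Assumed policy floor for this example: nothing older than TLS 1.2.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2: legacy versions allowed")
    return findings

def weak_context() -> ssl.SSLContext:
    """The kind of context that results from silencing certificate errors."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_context() -> ssl.SSLContext:
    """Defaults verify chain and hostname; set the version floor explicitly."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```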

SSL development history (Internet encrypted communication)

1. In 1994, Netscape designed version 1.0 of the SSL protocol (Secure Sockets Layer), but it was not released.

2. Netscape released the SSL/2.0 version in 1995, and serious vulnerabilities were quickly discovered.

3. The SSL/3.0 version was released in 1996 and was widely used.

4. In 1999, the SSL upgraded version TLS/1.0 was released, which is currently the most widely used version.

5. In 2006 and 2008, the TLS/1.1 and TLS/1.2 versions were released.

11. What is the process of the browser using HTTPS to transmit data?


[Figure: HTTPS data transfer process]

1. First, the client accesses the server through the URL to establish an SSL connection.

2. After receiving the client's request, the server sends the client a copy of the certificate information supported by the website (the certificate contains the public key).

3. The client's browser and the server begin to negotiate the security level of the SSL connection, that is, the level of information encryption.

4. The client's browser establishes a session key based on the security level agreed by both parties, then uses the website's public key to encrypt the session key and transmits it to the website.

5. The server uses its own private key to decrypt the session key.

6. The server uses the session key to encrypt the communication with the client.
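
A toy model of steps 2 to 6 above, added here as an illustration and not part of the original article or of any TLS library. Textbook RSA and the XOR keystream are stand-ins chosen so the block runs with the Python standard library only, and all names are this example's own.

```python
import hashlib
import secrets

# Toy server key pair: textbook RSA (no padding) over two Mersenne primes,
# chosen only so the block runs with the standard library.
P, Q = 2**127 - 1, 2**89 - 1
PUBLIC_KEY = (P * Q, 65537)                        # travels in the certificate
PRIVATE_KEY = pow(65537, -1, (P - 1) * (Q - 1))    # never leaves the server

def stream_xor(session_key: int, direction: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    seed = session_key.to_bytes(27, "big") + direction
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def client_key_exchange(public_key):
    """Step 4: create a session key and encrypt it with the public key."""
    n, e = public_key
    session_key = secrets.randbelow(n - 2) + 2
    return session_key, pow(session_key, e, n)

def server_recover_key(encrypted_key: int) -> int:
    """Step 5: the private key holder decrypts the session key."""
    return pow(encrypted_key, PRIVATE_KEY, PUBLIC_KEY[0])

def run_exchange(request: bytes, response: bytes) -> dict:
    """Run steps 2-6; return each side's view and what crossed the wire."""
    client_key, encrypted_key = client_key_exchange(PUBLIC_KEY)
    server_key = server_recover_key(encrypted_key)
    wire_request = stream_xor(client_key, b"c2s", request)
    wire_response = stream_xor(server_key, b"s2c", response)   # step 6
    return {
        "keys_match": client_key == server_key,
        "wire": (encrypted_key, wire_request, wire_response),
        "server_reads": stream_xor(server_key, b"c2s", wire_request),
        "client_reads": stream_xor(client_key, b"s2c", wire_response),
    }

# Constructed sample traffic.
RESULT = run_exchange(b"POST /login user=alice&password=s3cret!", b"200 OK")
```

Because the session key is protected only by the server's long-term key pair, anyone who later obtains the private key can decrypt a recorded exchange; TLS 1.3 removed this RSA key-transport mode in favour of ephemeral Diffie-Hellman for that reason.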

12. Disadvantages of HTTPS

  • The HTTPS protocol has multiple handshakes, which extends the page loading time by nearly 50%;
  • HTTPS connection caching is not as efficient as HTTP, which increases data overhead and power consumption;
  • It costs money to apply for an SSL certificate; the more powerful the features, the higher the cost of the certificate.
  • The security algorithms involved in SSL consume CPU resources and a lot of server resources.

13. Summarize the difference between HTTPS and HTTP

  • HTTPS is the secure version of the HTTP protocol. Data transmission over HTTP is in clear text and is unsafe; HTTPS uses the SSL/TLS protocol for encryption.
  • HTTP and HTTPS use different connection methods, and the default ports are also different: HTTP uses 80 and HTTPS uses 443.


Statement:
This article is reproduced from zhihu.com. If there is any infringement, please contact admin@php.cn to have it deleted.