Detailed explanation of the working principle of HTTP and HTTPS

2025-01-30 Update From: SLTechnology News&Howtos shulou

Shulou (Shulou.com) 06/03

This article explains the working principle of HTTP and HTTPS. The explanation is simple and clear, and easy to learn and understand.

I. HTTP

1. Introduction

HTTP is the Hypertext Transfer Protocol (full name "Hyper Text Transfer Protocol"). It runs on top of the TCP protocol and is used to transfer hypertext between a World Wide Web server and the local browser.

2. Working principle

The HTTP protocol is based on the client-server model. Usually the browser, acting as the HTTP client, sends all requests to the HTTP server by URL, and the web server sends the corresponding information back to the client according to the request it receives. The specific process is as follows:

(1) A connection is established between the client and the server.

(2) The client sends a request to the server.

(3) The server receives the request and returns the corresponding result as a reply.

(4) The client closes the connection with the server.

[Figure: the HTTP request and response process between client and server]
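The four steps above, as an added example that is not part of the original article: a one-shot server and a client exchange a raw HTTP/1.1 request and response over a loopback TCP connection. The function names, the path and the response text are constructed for illustration.

```python
import socket
import threading

def parse_message(raw):
    """Split a raw HTTP message into start line, header dict and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return lines[0], headers, body

def serve_once(listener):
    """Server side of step (3): read one request, send one reply, close."""
    conn, _ = listener.accept()
    with conn:
        raw = b""
        while b"\r\n\r\n" not in raw:          # request head ends at the blank line
            chunk = conn.recv(4096)
            if not chunk:
                break
            raw += chunk
        start, headers, _ = parse_message(raw)
        method, path, _version = start.split(" ", 2)
        body = f"{method} {path} for {headers.get('host', '?')}\n".encode()
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                     b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(body) + body)

def fetch(path="/index.html"):
    """Client side: run steps (1) to (4) against a local one-shot server."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=serve_once, args=(listener,))
    server.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:  # (1)
        client.sendall(f"GET {path} HTTP/1.1\r\nHost: localhost:{port}\r\n"
                       "Accept: text/plain\r\nConnection: close\r\n\r\n".encode())  # (2)
        raw = b""
        while chunk := client.recv(4096):      # (3) read until the server closes
            raw += chunk
    server.join()                              # (4) leaving the with-block closed the socket
    listener.close()
    return parse_message(raw)

if __name__ == "__main__":
    print(fetch())
```

Everything in this exchange crosses the socket as readable text, which is the gap the HTTPS section addresses.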

3. Common request header information

Accept: specifies the content types the client can receive

Accept-Charset: the character encoding sets acceptable to the browser

Accept-Encoding: specifies the content compression encodings, returned by the web server, that the browser supports

Accept-Language: the languages acceptable to the browser

Accept-Ranges: requests one or more sub-range fields of a web page entity

Authorization: authorization credentials for HTTP authorization

Cache-Control: specifies the caching mechanism that requests and responses follow

Connection: indicates whether a persistent connection is required

Cookie: when a request is sent, all cookie values saved under the request's domain name are sent to the web server with it

Content-Length: the content length of the request

Content-Type: the MIME information of the request entity

Date: the date and time when the request was sent

Expect: the specific server behavior the request expects

From: the e-mail address of the user who made the request

Host: specifies the domain name and port number of the requested server

Pragma: carries implementation-specific directives

Proxy-Authorization: authorization credentials for connecting to the proxy

Range: requests only part of the entity, specified as a range, e.g. Range: bytes=500-999

Referer: the address of the previous web page, from which the current request follows

Upgrade: specifies a transport protocol to the server so that the server can switch to it

4. Common response header information

Accept-Ranges: indicates whether the server supports range requests and which type of range request

Age: estimated time from the origin server to the formation of the proxy cache (in seconds, non-negative)

Allow: the request methods valid for a network resource; 405 is returned if a method is not allowed

Cache-Control: tells all caching mechanisms whether they may cache the response and which type

Content-Encoding: the compression encoding type of the returned content, as supported by the web server

Content-Language: the language of the response body

Content-Length: the length of the response body

Content-Location: an alternate address for the requested resource

Content-MD5: the MD5 check value of the returned resource

Content-Range: the byte position of this part within the entire response body

Content-Type: the MIME type of the returned content

Date: the time when the origin server sent the message

Location: redirects the recipient to a location other than the requested URL to complete the request or identify a new resource

Pragma: includes implementation-specific directives that can apply to any recipient on the response chain

Proxy-Authenticate: indicates the authentication scheme and the parameters that apply to the proxy for the URL

Refresh: applies to redirection or to a newly created resource; redirects after 5 seconds (proposed by Netscape and supported by most browsers)

Retry-After: if the entity is temporarily unavailable, tells the client to try again after the specified time

Server: the name of the web server software

Set-Cookie: sets an HTTP cookie

II. HTTPS

1. Introduction

HTTPS (Secure Hypertext Transfer Protocol) is the secure version of the HTTP protocol. It establishes an SSL encryption layer on HTTP and encrypts the transmitted data.

[Figure: HTTPS as HTTP with an SSL encryption layer]

2. HTTPS encryption algorithms

(1) Symmetric encryption

The client uses a known algorithm to encrypt the information to be sent to the server, the secret key is sent separately, and the server decrypts the encrypted information with the key it receives. This is the single-key cryptosystem: the same key is used for both encryption and decryption of the information.

[Figure: symmetric encryption]

(2) Asymmetric encryption

Asymmetric encryption uses two keys: a private key and a public key. The client encrypts with the public key given by the server, and the server receives the ciphertext and decrypts it with the private key.

[Figure: asymmetric encryption]

3. Certificate key encryption

A digital certificate certification authority is a third-party organization that both the client and the server can trust.

1. The developer of the server takes the public key and applies with it to the digital certificate certification authority. After confirming the identity of the applicant and completing verification, the certification authority digitally signs the public key the developer applied with. It then issues the signed public key, bound into a certificate.

2. The server sends the digital certificate to the client, and the client verifies the authenticity of the public key through the digital signature in the certificate, to ensure that the public key transmitted by the server is genuine. In general, the digital signature of a certificate is very difficult to forge, and this depends on the credibility of the certification authority. Once the information is confirmed to be correct, the client encrypts the message with the public key. After receiving it, the server decrypts it with its own private key.
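The two certificate steps above, as an added example that is not part of the original article: textbook RSA with constructed toy keys shows the CA signing a server public key, the client verifying that signature before encrypting, and a certificate with a swapped key being rejected. All names and keys are assumptions for illustration; real TLS uses padded RSA or ECDSA and X.509 certificates.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((e, n) public, (d, n) private)."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

# Constructed toy keys built from well-known Mersenne primes: trivially breakable.
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**127 - 1)
SERVER_PUB, SERVER_PRIV = make_keypair(2**607 - 1, 2**89 - 1)

def fingerprint(subject, public_key):
    """SHA-256 over the certificate contents (subject name and public key)."""
    data = f"{subject}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_issue(subject, public_key, ca_priv):
    """Step 1: the CA signs the applicant's public key and binds it in a certificate."""
    d, n = ca_priv
    return {"subject": subject, "public_key": public_key,
            "signature": pow(fingerprint(subject, public_key), d, n)}

def client_verify(cert, ca_pub):
    """Step 2: the client checks the signature with the CA's public key."""
    e, n = ca_pub
    return pow(cert["signature"], e, n) == fingerprint(cert["subject"], cert["public_key"])

def client_encrypt(message, cert, ca_pub):
    """Encrypt with the certified public key; refuse a certificate that fails to verify."""
    if not client_verify(cert, ca_pub):
        raise ValueError("certificate signature invalid: public key not trusted")
    e, n = cert["public_key"]
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def server_decrypt(ciphertext, server_priv):
    """The server recovers the message with its private key."""
    d, n = server_priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    cert = ca_issue("www.example.test", SERVER_PUB, CA_PRIV)
    print(server_decrypt(client_encrypt(b"hello over https", cert, CA_PUB), SERVER_PRIV))
    forged = dict(cert, public_key=make_keypair(2**61 - 1, 2**31 - 1)[0])
    print(client_verify(forged, CA_PUB))  # swapped key no longer matches the signature
```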
