The most thorough explanation of the HTTP protocol on the web

Java confidant_ 2022-06-23 18:40:16 Views: 68



Preface

The Hypertext Transfer Protocol (HTTP) is a simple request-response protocol. It is an application-layer transfer protocol based on TCP. It specifies what messages the client may send to the server and what responses it will get.

HTTP is a stateless protocol: the protocol itself does not persist the communication state of the requests and responses it sends. The purpose is to keep the protocol simple, so that a large number of transactions can be processed quickly and efficiency improves.

HTTP request message

The HTTP request message is the data sent to the server when requesting data. After all, to get data from the server you first have to tell it how you want it and what you want!


An HTTP request message consists of a request line, request headers and a request body.

Common HTTP methods

  • GET: requests access to a resource identified by a URI (Uniform Resource Identifier); parameters can be passed to the server in the URL.

  • POST: transmits information to the server. Its main function is similar to GET, but POST is generally the recommended way.

  • PUT: transfers a file. The message body contains the file contents, which are saved at the corresponding URI location.

  • HEAD: gets the message headers. It is similar to GET but does not return the message body; it is generally used to verify whether a URI is valid.

  • DELETE: deletes a file. It is the opposite of PUT and deletes the file at the corresponding URI location.

  • OPTIONS: queries the HTTP methods supported by the corresponding URI.

POST request example

# Request line: Method URL Version
POST /httpLearn/postRequest HTTP/1.1
# Request headers
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
Content-Length: 126
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
# Request body
Content-Disposition: form-data; name="param"

GET request example

A GET request has no body.

# Request line: Method URL Version
GET /httpLearn/getRequest?param=123 HTTP/1.1
# Request headers
User-Agent: apifox/1.0.0 (https://www.apifox.cn)

Differences between GET and POST

GET and POST are the two HTTP methods we use most often. The differences between them fall mainly into the following five areas:

  • In terms of function, GET is generally used to get resources from the server, while POST is generally used to update resources on the server;

  • From a REST service perspective, GET is idempotent, that is, reading the same resource always returns the same data, while POST is not idempotent, because each request changes the resource differently;

  • In terms of how request parameters are passed, GET appends the request data to the URL, placing it in the request header of the HTTP message, with ? separating the URL from the transmitted data and & joining the parameters; POST places the submitted data in the request body of the HTTP request message.

  • From a security perspective, POST is more secure than GET, because data submitted with GET appears in clear text in the URL, while POST request parameters are wrapped in the request body, which is relatively safer.

  • In terms of request size, the length of a GET request is limited by the URL length limits of the browser or server, so the amount of data that can be sent is relatively small, while a POST request has no size limit.
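
The security comparison above, as an added example that is not part of the original article: it parses a GET and a POST carrying the same parameter and reports where the value is visible. The Host header, the urlencoded POST body, the client address and the log format are constructed for illustration.

```python
# Added illustration, not from the original article.
# Host header, urlencoded POST body and log format are constructed samples.
GET_REQ = (b"GET /httpLearn/getRequest?param=123 HTTP/1.1\r\n"
           b"Host: example.test\r\n"
           b"User-Agent: apifox/1.0.0 (https://www.apifox.cn)\r\n\r\n")
POST_REQ = (b"POST /httpLearn/postRequest HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 9\r\n\r\n"
            b"param=123")

def parse_request(raw):
    """Split a raw request into request line, headers and body."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:length]}

def access_log_line(req, client="203.0.113.7", status=200):
    """Typical access-log entry: it records the request line, not the body."""
    return (f'{client} - - "{req["method"]} {req["target"]} '
            f'{req["version"]}" {status}')

def exposure(raw, value="123"):
    """Report where a parameter value is visible for one request."""
    req = parse_request(raw)
    return {
        "method": req["method"],
        "in_url": value in req["target"],
        "in_body": value.encode() in req["body"],
        "in_access_log": value in access_log_line(req),
        # Plain HTTP is cleartext, so anything in the message is on the wire.
        "readable_on_plain_http_wire": value.encode() in raw,
    }

if __name__ == "__main__":
    for raw in (GET_REQ, POST_REQ):
        print(exposure(raw))
```

Over plain HTTP the value is readable on the wire in both cases; the practical difference is that a URL also ends up in access logs, browser history and Referer headers. Only HTTPS protects both the URL and the body in transit.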

HTTP response message

The HTTP response message is the data returned by the server; there must be a request before there can be a response message.


An HTTP response message consists of a status line, response headers and a response body.

Common response code classes

  • 1xx (provisional response): informational; the server has received the request and the requester needs to continue;

  • 2xx (success): the operation was received and processed successfully;

  • 3xx (redirect): further action is required to complete the request;

  • 4xx (client error): the request contains a syntax error or cannot be completed;

  • 5xx (server error): the server encountered an error while processing the request;

Response example

# Status line: Version, Response Code
HTTP/1.1 200 OK
# Response headers
Date: Wed, 19 Jan 2022 11:37:00 GMT
# Response body
post request is ok,param = post

Steps of a complete HTTP request

When we type www.baidu.com into the address bar of a web browser and press Enter, what happens?

  • Domain name → IP address: the lookup of the IP address goes in turn through the browser cache, the system cache, the hosts file, the router cache, and a recursive search from the root DNS servers (DNS resolution).

  • A TCP/IP connection is established (the three-way handshake).

  • The browser sends an HTTP request.

  • Forwarded by routers and passed through the server's firewall, the HTTP request reaches the server.

  • The server handles the HTTP request and returns an HTML file.

  • The browser parses the HTML file and displays it on the browser side.

  • The server closes the TCP connection (the four-way wave).
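
The steps above as an added example that is not part of the original article: name lookup, TCP connect, raw request, response parsing and connection close, run against a constructed local server so it works offline. The handler, its HTML body and the use of `localhost` are assumptions made for the demonstration.

```python
# Added illustration, not from the original article. A constructed local
# server stands in for the remote site so the walk-through runs offline.
import socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

class DemoHandler(BaseHTTPRequestHandler):
    def do_GET(self):                        # the server handles the request
        body = b"<html><body>get request is ok</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):            # keep the demo quiet
        pass

def parse_response(raw):
    """Split a raw response into status line, header lines and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = status_line.split(" ", 2)
    return {"version": version, "code": int(code), "reason": reason,
            "class": STATUS_CLASSES[int(code) // 100],
            "headers": header_lines, "body": body}

def fetch_once(path="/httpLearn/getRequest?param=123"):
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    port = server.server_address[1]
    # Name -> IP address; "localhost" is normally answered from the hosts file.
    ip = socket.getaddrinfo("localhost", port, socket.AF_INET)[0][4][0]
    # connect() performs the TCP three-way handshake.
    with socket.create_connection((ip, port), timeout=5) as sock:
        # The client sends the request line, headers and an empty body.
        sock.sendall(f"GET {path} HTTP/1.1\r\nHost: localhost\r\n"
                     "Connection: close\r\n\r\n".encode())
        raw = b""
        while chunk := sock.recv(4096):      # read until the server closes
            raw += chunk
    worker.join(timeout=5)
    server.server_close()
    return parse_response(raw)
```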


The HTTP protocol runs on top of TCP and transmits in plaintext; neither the client nor the server can verify the identity of the other. HTTPS encrypts the content of HTTP communication by combining HTTP with SSL (Secure Socket Layer) or TLS (Transport Layer Security). This is communication encryption, that is, encryption across the whole communication line.


HTTPS uses a hybrid encryption mechanism that combines shared-key (symmetric) encryption and public-key (asymmetric) encryption. If the key can be exchanged safely, it is possible to consider communicating with public-key encryption only. However, public-key encryption is slower to process than shared-key encryption.

Shortcomings of HTTP

  • Risk of eavesdropping: the communication uses clear text (no encryption), so the content may be intercepted;

  • Risk of impersonation: the identity of the communicating party is not verified, so it may be disguised;

  • Risk of tampering: the integrity of the message cannot be proven, so it may have been tampered with;

Differences between HTTP and HTTPS

  • Different ports: HTTP and HTTPS connect in different ways and use different ports; the former uses 80, the latter 443;

  • Resource consumption: compared with HTTP communication, HTTPS communication consumes more CPU and memory resources because of encryption and decryption;

  • Cost: HTTPS communication requires a certificate, and certificates generally have to be bought from a certification authority;

How HTTPS works

【1】 The client initiates an HTTPS request

The user enters an https URL in the browser, which then connects to port 443 of the server.

【2】 Server-side configuration

A server that uses the HTTPS protocol must have a set of digital certificates. You can make one yourself or apply to an organization for one. The difference is that a self-issued certificate must be confirmed by the client before the visit can continue, while a certificate obtained from a trusted company does not bring up a warning page.

This set of certificates is essentially a pair of keys, one public and one private. Think of them as a lock and a key: you are the only one in the world who has the key. You can give the lock to other people, who can use it to lock up important things and send them to you. Because only you have the key, only you can see what was locked up.

【3】 The certificate is transmitted

This certificate is essentially the public key, together with a lot of other information such as the issuing authority and the expiration time.

【4】 The client parses the certificate

This work is done by the client's TLS implementation. It first verifies whether the public key is valid, checking for example the issuing authority and the expiration time. If a problem is found, a warning box pops up saying that there is a problem with the certificate.

If the certificate is fine, the client generates a random value and encrypts it with the certificate. As described above, this locks the random value with the lock, so that nobody without the key can see the locked content.

【5】 The encrypted message is sent

What is sent is the random value encrypted with the certificate. The purpose is to let the server obtain the random value, so that later communication between the client and the server can be encrypted and decrypted with it.

【6】 The server decrypts the message

After decrypting with its private key, the server obtains the random value sent by the client, which now serves as the shared secret key, and uses it to encrypt content symmetrically. Symmetric encryption mixes the information with the secret key through some algorithm, so that the content cannot be recovered without knowing the key. Both the client and the server know this key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is safe enough.

【7】 The encrypted information is transmitted

The information encrypted with this key on the server can be restored on the client.

【8】 The client decrypts the information

The client uses the key it generated earlier to decrypt the information sent by the server and obtains the decrypted content. Throughout the process, even if a third party intercepts the data, it cannot decrypt it.
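
Steps 【2】 to 【8】 as an added example that is not part of the original article: a toy model in which the client wraps a random value with the server's public key and both sides then use it for symmetric encryption with an integrity check. The primes, the hash-based keystream and all function names are assumptions chosen to keep the model short; it is a teaching stand-in, not TLS.

```python
# Added illustration, not from the original article: a toy model of steps
# [2]-[8]. Textbook RSA and a hash keystream are teaching stand-ins only;
# real TLS uses vetted, padded, authenticated primitives.
import hashlib, hmac, secrets

# [2] Server key pair. Two known Mersenne primes keep the toy short.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                   # public modulus (the "lock")
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (the "key")

def client_wrap_secret(n=N, e=E):
    """[4]-[5] Pick a random value and encrypt it with the public key."""
    secret = secrets.token_bytes(16)
    return secret, pow(int.from_bytes(secret, "big"), e, n)

def server_unwrap_secret(wrapped):
    """[6] Recover the random value with the private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def _keys(secret):
    """Derive separate encryption and MAC keys from the shared value."""
    return (hashlib.sha256(b"enc" + secret).digest(),
            hashlib.sha256(b"mac" + secret).digest())

def _xor_stream(key, nonce, data):
    stream = b""
    for counter in range(len(data) // 32 + 1):
        block = key + nonce + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(secret, plaintext):
    """[7] Symmetric encryption plus a MAC so tampering is detected."""
    enc_key, mac_key = _keys(secret)
    nonce = secrets.token_bytes(12)          # fresh per message
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(secret, blob):
    """[8] Check the MAC, then decrypt; ValueError means modified or wrong key."""
    enc_key, mac_key = _keys(secret)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return _xor_stream(enc_key, body[:12], body[12:])
```

This mirrors the RSA key-transport flow the article describes. TLS 1.3 removed that exchange in favour of ephemeral Diffie-Hellman, which also provides forward secrecy.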

Shortcomings of HTTPS

  • The HTTPS protocol requires multiple handshakes, which lengthens page load time by nearly 50%;

  • HTTPS connection caching is not as efficient as HTTP's, which increases data overhead and power consumption;

  • The security algorithms involved in SSL consume CPU resources and take up a lot of server resources;

Source: blog.csdn.net/csp732171109/article/details/122608300



Copyright notice: this article was created by [Java confidant_]. Please include a link to the original when reposting. Thank you. https://javamana.com/2022/174/202206231747131715.html