HTTP and HTTPS explained in one article

1. What is a protocol?

A network protocol is an "agreement" or set of "rules" that computers follow in order to communicate over a network. With this agreement in place, equipment from different vendors and computers running different operating systems can communicate with each other.

2. What is the HTTP protocol?

HTTP is the abbreviation of Hyper Text Transfer Protocol. It is the protocol used to transfer hypertext (HTML) from a web server to the local browser.

HTTP was originally designed to provide a way to publish and receive HTML pages.

HTTP has several versions; the one currently in wide use is HTTP/1.1.

3. How HTTP works

HTTP transfers data on top of the TCP/IP communication protocol. The data transferred can be HTML files, image files, query results and so on.

HTTP is generally used in the B/S (browser/server) architecture. The browser, acting as the HTTP client, sends all requests via a URL to the HTTP server, that is, the web server.

Take a visit to Baidu as an example:

4. HTTP features

  1. HTTP supports the client/server model and is also a request/response protocol.
  2. Simple and fast: when a client requests a service from the server, it only needs to send the request method and path. Commonly used request methods are GET, HEAD and POST.
  3. Flexible: HTTP allows any type of data object to be transferred. The type being transferred is marked by Content-Type.
  4. Connectionless: each connection is limited to handling one request. Once the server has processed the client's request and received the client's acknowledgement, it disconnects. This makes it hard for the client and server to maintain a session, so two techniques for recording state over HTTP arose to make up for it: one called Cookie, the other called Session.
  5. Stateless: a stateless protocol has no memory of earlier transactions. If later processing needs earlier information, that information must be retransmitted.

5. The difference between URI and URL

HTTP uses Uniform Resource Identifiers (URIs) to transfer data and establish connections.

  • URI: Uniform Resource Identifier
  • URL: Uniform Resource Locator

A URI identifies a specific resource; from the URI we can tell what the resource is.

A URL locates a specific resource, indicating where it is. Every file on the Internet has a unique URL.

6. HTTP message structure

Request message structure
  1. Request line: includes the request method, URL and protocol/version
  2. Request headers
  3. Request body

Response message structure
  1. Status line
  2. Response headers
  3. Response body

7. Common request methods

  • GET: requests the specified page information and returns the entity body.
  • POST: submits data to the specified resource for processing (e.g. submitting a form or uploading a file). The data is contained in the request body. A POST request may result in the creation of a new resource and/or the modification of an existing one.
  • HEAD: similar to a GET request, except that the response carries no content; used to obtain the headers.
  • PUT: data sent from the client to the server replaces the content of the specified document.
  • DELETE: requests the server to delete the specified page.

get request

post request

The differences between POST and GET:

  • Both contain a request line and request headers; POST additionally has a request body.
  • GET is mostly used for queries, with the request parameters placed in the URL, and does not affect content on the server. POST is used for submissions, for example putting the account name and password in the body.
  • GET parameters are appended directly to the URL and can be seen there, whereas POST data is placed inside the message, where the user cannot see it directly.
  • The length of data submitted with GET is limited because URL length is limited; the specific limit depends on the browser. POST has no such limit.

8. Response status codes

When a web page is accessed, the browser sends a request to the web server where the page resides. The server returns an information header containing an HTTP status code in response to the browser's request.

Status code categories:

  • 1XX - Informational: the server has received the request and the requester needs to continue the operation.
  • 2XX - Success: the request was successfully received, understood and processed.
  • 3XX - Redirection: further action is required to complete the request.
  • 4XX - Client error: the request contains a syntax error or cannot be completed.
  • 5XX - Server error: the server encountered an error while processing the request.

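Common status codes

  • 200 OK - The client request succeeded.
  • 301 - The resource (web page, etc.) has been permanently moved to another URL.
  • 302 - Temporary redirect.
  • 400 Bad Request - The client request has a syntax error and cannot be understood by the server.
  • 401 Unauthorized - The request is not authorized; this status code must be used together with the WWW-Authenticate header field.
  • 404 - The requested resource does not exist; a wrong URL may have been entered.
  • 500 - An unexpected error occurred inside the server.
  • 503 Server Unavailable - The server currently cannot handle the client's request; it may return to normal after a while.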

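9. Why use HTTPS?

In practice, the vast majority of websites now use the HTTPS protocol, and this is the direction the Internet is heading. Below is the login request of a blog site, captured with Wireshark.

As you can see, the account name and password are transmitted in plaintext, so the client's request can easily be intercepted and exploited by criminals. HTTP is therefore not suitable for transmitting sensitive information such as accounts and passwords; sending private information over HTTP is very insecure.

HTTP generally has the following problems:

  • Requests are transmitted in plaintext and are easy to eavesdrop on and intercept.
  • Data integrity is not checked, so data is easy to tamper with.
  • The other party's identity is not verified, so there is a risk of impersonation.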

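10. What is HTTPS?

HTTPS is used to solve the HTTP problems described above.

HTTPS (HyperText Transfer Protocol over Secure Socket Layer): generally understood as HTTP + SSL/TLS. It uses an SSL certificate to verify the server's identity and encrypts the communication between the browser and the server.

So what is SSL?

SSL (Secure Socket Layer): developed by Netscape in 1994. The SSL protocol sits between TCP/IP and the various application-layer protocols and provides security support for data communication.

TLS (Transport Layer Security): its predecessor is SSL. Its first versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape; in 1999, starting from version 3.1, it was standardized by the IETF and renamed. So far there are three versions: TLS 1.0, TLS 1.1 and TLS 1.2. SSL 3.0 and TLS 1.0 are rarely used any more because of security vulnerabilities. TLS 1.3 makes fairly large changes and is currently still at the draft stage; the most widely used versions at present are TLS 1.1 and TLS 1.2.

History of SSL (encrypted Internet communication)

  1. In 1994 Netscape designed version 1.0 of the SSL (Secure Sockets Layer) protocol, but did not release it.
  2. In 1995 Netscape released SSL 2.0, which was soon found to have serious vulnerabilities.
  3. In 1996 SSL 3.0 was released and was widely adopted.
  4. In 1999 TLS 1.0, the upgraded version of SSL, was released; it is currently the most widely used version.
  5. In 2006 and 2008, TLS 1.1 and TLS 1.2 were released.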

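11. What is the flow when a browser transfers data over HTTPS?

  1. First, the client accesses the server via a URL to establish an SSL connection.
  2. After receiving the client's request, the server sends the client a copy of the certificate information the website supports (the certificate contains the public key).
  3. The client and the server begin negotiating the security level of the SSL connection, that is, the level of encryption.
  4. Based on the security level both sides agreed on, the client's browser creates a session key, encrypts it with the website's public key, and sends it to the website.
  5. The server decrypts the session key with its own private key.
  6. The server uses the session key to encrypt its communication with the client.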
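
An added example (not from the original article) of the client-side settings that decide whether the certificate check in step 2 and the negotiation in step 3 actually protect the connection, and that keep out the old SSL/TLS versions mentioned in section 10. It uses Python's standard `ssl` module; the function names are hypothetical and the TLS 1.2 floor is an assumption chosen for this example.

```python
import ssl

def audit_client_context(ctx: ssl.SSLContext) -> list:
    """List settings that bring the plain-HTTP problems back under TLS."""
    findings = []
    # Step 2: the certificate must chain to a trusted CA ...
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not verified: server can be impersonated")
    # ... and must be issued for the host we asked for.
    if not ctx.check_hostname:
        findings.append("hostname not checked: any trusted certificate is accepted")
    # Step 3: refuse to negotiate protocol versions below the chosen floor.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings

def hardened_context() -> ssl.SSLContext:
    """Client context with verification on and an explicit version floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_context() -> ssl.SSLContext:
    """The misconfiguration to look for in code review: verification off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    print("hardened:", audit_client_context(hardened_context()))
    print("weak:", audit_client_context(weak_context()))
```

With verification disabled the traffic is still encrypted, but the client cannot tell whose public key it used for the session key, so the impersonation problem from section 9 remains.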

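12. Disadvantages of HTTPS

  • The HTTPS protocol requires multiple handshakes, which lengthens page load time by nearly 50%;
  • HTTPS connection caching is not as efficient as HTTP's and increases data overhead and power consumption;
  • Applying for an SSL certificate costs money; the more powerful the certificate, the higher the fee.
  • The security algorithms involved in SSL consume CPU resources and put a considerable load on the server.

13. Summary: the differences between HTTPS and HTTP

  • HTTPS is the secure version of the HTTP protocol. HTTP transmits data in plaintext and is insecure; HTTPS uses the SSL/TLS protocol to encrypt it.
  • HTTP and HTTPS use different connection methods and different default ports: 80 for HTTP and 443 for HTTPS.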

Origin www.cnblogs.com/hellotesters/p/11318736.html