
This is the 3rd article in the [Interview] series, simulating an interview about HTTP.

Interview begins

Interviewer: Seeing that you are familiar with HTTP, what is HTTP?

Monologue: Heh, I was hoping to steer you into asking exactly this.

: Well, HTTP is short for Hyper Text Transfer Protocol, a transfer protocol for transferring hypertext from a web server to a local browser. A protocol is simply a format agreed upon by both parties so that each side can understand it.

Interviewer: What are the characteristics of the HTTP protocol?

: 1. HTTP allows the transmission of data of any type. The type being transferred is marked by Content-Type.

: 2. Stateless. The server treats each request sent by the client as a new request, and there is no connection between the previous session and the next session.

: 3. Supports the client/server model.

Interviewer: Do you know about HTTP long connections?

Monologue: Classic Interview Questions!

: An HTTP long connection refers to reusing a TCP connection. Multiple HTTP requests can reuse the same TCP connection, which saves the cost of establishing and tearing down TCP connections.

: HTTP1.0 uses short connections by default. Each time the browser and the server perform an HTTP operation, a connection is established, and the connection is closed when the task ends.

: HTTP1.1 uses long connections by default. To use a persistent connection, the Connection field in the HTTP header of both the client and the server must be set to keep-alive.

Interviewer: Well, you just mentioned HTTP1.0 and HTTP1.1. Do you know the difference between HTTP1.1 and HTTP2.0?

: The features supported by HTTP2.0 compared to HTTP1.1 are as follows:

  • New binary format: HTTP1.1 transmits data in a text format; HTTP2.0 transmits data in a binary format, which makes parsing more efficient.
  • Multiplexing: Within one connection, multiple requests or responses can be sent at the same time, and they can be transmitted in parallel without blocking one another.
  • Header compression: HTTP1.1 headers carry a lot of information and have to be sent repeatedly every time; HTTP2.0 separates the header from the data, encapsulates them into header frames and data frames, and uses a specific algorithm to compress the header frame, effectively reducing the header size. HTTP2.0 also records the key-value pairs sent previously on both the client and the server, so the same data is not sent repeatedly. For example, request a sends all the header fields, and request b needs to send which can reduce redundant data and reduce overhead.
  • Server push: HTTP2.0 allows the server to push resources to the client without the client sending a request to the server for them.

Interviewer: Not bad! One more question: do you think HTTP communication is safe?

Monologue: Is it safe to run naked...

: HTTP transmits data in plaintext, which is easily eavesdropped on or tampered with by hackers, so it is not safe.

: HTTPS can be used to address the defects of the plaintext HTTP protocol. It adds the SSL/TLS protocol on top of HTTP, relies on the SSL certificate to verify the identity of the server, and establishes an SSL channel between the client and the server to ensure the security of data transmission.

Interviewer: Oh? Can you explain the principle of HTTPS? Feel free to go into detail.

Monologue: Sure enough, there is no escape from this problem...

: First comes the TCP three-way handshake. The client then initiates the HTTPS connection: it sends a Client Hello packet, the server responds with a Server Hello and then sends its certificate to the client. The two sides then perform a key exchange, and finally use the exchanged key to encrypt and decrypt data.

: The specific process is as follows:

: First, the encryption algorithm is negotiated. In the Client Hello, the client tells the server its current information, including the TLS version the client wants to use, the supported encryption algorithms, the domain name to be accessed, and a random number (Nonce) generated for the server. The domain name has to be sent in advance so that the server can send the certificate for the corresponding domain name.

: The server responds with a Server Hello, telling the client the encryption algorithm it has selected.

: Then the server sends its certificate to the client.

: The client uses the RSA public key published by the certificate authority (CA) that issued the certificate to verify the certificate.

: After verification passes, the browser and the server generate the shared symmetric key through the key exchange algorithm.

: Data transmission then begins, using the same symmetric key for encryption and decryption.

Interviewer: Your understanding is solid, not bad! That is all for today's interview; I will let you know when there is news.

: Okay, thank you

Monologue: Luckily, the stock interview answers ("eight-legged essays") I memorized came in handy~
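
The Client Hello described in the interview is sent before any key exists, so the TLS versions, the cipher suites, the domain name (the SNI extension) and the random number travel in plaintext and are visible to any network monitor. The parser below is an added example, not code from the original article; the function names and the `shop.example` sample record are constructed for illustration.

```python
import struct

# Names for the few code points used in the constructed sample below.
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf)]

def build_client_hello(host, nonce, suites, versions):
    """Construct a minimal ClientHello record (sample input, not a capture)."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    sv = bytes([2 * len(versions)]) + struct.pack(f"!{len(versions)}H", *versions)
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in ((0, sni), (43, sv)))
    cs = struct.pack(f"!{len(suites)}H", *suites)
    body = (b"\x03\x03" + nonce + b"\x00" + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return what a passive observer can read; truncated input raises."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2                  # record header, handshake header, legacy_version
    out = {"random": record[pos:pos + 32].hex(), "sni": None, "versions": []}
    pos += 32
    pos += 1 + record[pos]           # skip session_id
    n = struct.unpack_from("!H", record, pos)[0]
    out["cipher_suites"] = [SUITES.get(c, hex(c)) for c in u16_list(record[pos + 2:pos + 2 + n])]
    pos += 2 + n
    pos += 1 + record[pos]           # skip compression methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= min(end, len(record)):
        etype, elen = struct.unpack_from("!HH", record, pos)
        data = record[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0 and len(data) >= 5:      # server_name: the domain being accessed
            nlen = struct.unpack_from("!H", data, 3)[0]
            out["sni"] = data[5:5 + nlen].decode("ascii", "replace")
        elif etype == 43 and data:             # supported_versions offered by the client
            out["versions"] = [VERSIONS.get(v, hex(v)) for v in u16_list(data[1:1 + data[0]])]
    return out

SAMPLE = build_client_hello("shop.example", bytes(range(32)),
                            [0x1301, 0x1302, 0xC02F], [0x0304, 0x0303])
if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
```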


程序员大彬

Career changer from a non-CS background; personal website: topjavaer.cn