Moment For Technology

The interviewer asked about three handshakes, I threw out this brain map, and he took it!

Posted on Aug. 8, 2022, 3:17 p.m. by David Batchelar
Category: The front end Tag: chrome http

Preface

I read How Networks Are Connected and two HTTP-related columns while I was out of work.

Partly to supplement my professional knowledge, partly to prepare for job interviews.

To avoid forgetting, I drew an XMind map:

There are too many questions worth going into, so today I'll start with one: the several "handshakes" of the Web.

1. More than one handshake

In the early days of network transmission, only the TCP protocol required a "handshake" process. But the early protocols had a drawback: communication could only be initiated by the client, and the server could not actively push information to the client.

The WebSocket protocol was born in 2008 and became an international standard in 2011. All browsers already support it.

As SSL/TLS matured, HTTPS, a secure version of the protocol that has existed for a long time, also took off.

In the end, the protocol handshakes the front end deals with fall into three parts:

  1. The TCP three-way handshake, which belongs to HTTP.
  2. The TLS handshake, which belongs to HTTPS.
  3. The WebSocket handshake, which is based on the TCP protocol and works with both.

2. The ultimate meaning of the TCP three-way handshake

In my previous post: "Maka Warning" relearning TCP/IP and the three-way handshake

I also talked at length about the TCP three-way handshake, but at the time I didn't fully realize its implications.

Just like everyone else, I memorized it before the interview and forgot it afterwards.

Until I saw this quote from How The Web Is Connected:

"In actual communication, sequence numbers do not start at 1; an initial value has to be calculated from a random number, because if the sequence numbers all started at 1, the communication process would be very predictable, and someone could use that to launch an attack. But if the initial value is random, the other party will not know where the sequence numbers start from, so you need to inform the communication peer of the initial value before you start sending and receiving data."

Think it over, think it over carefully. Isn't shaking hands three times just a way of testing each other's signals to make sure it's the right person?
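The point of the quoted passage, as an added example (not from the original post or the book): a minimal in-memory model of the three-way handshake in which each side picks a random 32-bit initial sequence number and the server accepts the final ACK only if it echoes that value plus one. The `Server` and `Client` classes, the `isnSource` parameter and `blindAckAccepted` are hypothetical names used for illustration.

```javascript
const { randomInt } = require('node:crypto');

const MOD = 2 ** 32;                      // sequence numbers are 32-bit and wrap around
const next = (n) => (n + 1) % MOD;        // a SYN consumes one sequence number
const randomIsn = () => randomInt(MOD);   // unpredictable initial sequence number

// Hypothetical endpoints; a real stack also tracks ports, windows and timers.
class Server {
  constructor(isnSource = randomIsn) { this.isnSource = isnSource; this.state = 'LISTEN'; }
  onSyn(syn) {
    this.isn = this.isnSource();
    this.peerIsn = syn.seq;               // learn the client's initial value
    this.state = 'SYN_RCVD';
    return { flags: 'SYN,ACK', seq: this.isn, ack: next(syn.seq) };
  }
  onAck(seg) {
    // Accept only if the peer proves it saw our SYN-ACK by echoing ISN + 1.
    if (this.state !== 'SYN_RCVD') return false;
    if (seg.seq !== next(this.peerIsn) || seg.ack !== next(this.isn)) return false;
    this.state = 'ESTABLISHED';
    return true;
  }
}

class Client {
  constructor(isnSource = randomIsn) { this.isn = isnSource(); }
  syn() { return { flags: 'SYN', seq: this.isn }; }
  onSynAck(seg) {
    if (seg.ack !== next(this.isn)) return null;   // not a reply to our SYN
    return { flags: 'ACK', seq: next(this.isn), ack: next(seg.seq) };
  }
}

// Full exchange: SYN, SYN-ACK, ACK. Returns true when the server reaches ESTABLISHED.
function handshake(server, client) {
  const synAck = server.onSyn(client.syn());
  const ack = client.onSynAck(synAck);
  return ack !== null && server.onAck(ack);
}

// A sender that never saw the SYN-ACK can only guess the server's initial value.
function blindAckAccepted(server, clientIsn, guessedServerIsn) {
  server.onSyn({ flags: 'SYN', seq: clientIsn });
  return server.onAck({ flags: 'ACK', seq: next(clientIsn), ack: next(guessedServerIsn) });
}
```

Passing `() => 1` as `isnSource` reproduces the "all sequence numbers start at 1" case from the quote: the guessed ACK is then accepted, while with a random initial value it is rejected.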

2.1 Knowledge Supplement: The maximum length of a network packet

The stack calculates how much data each network packet can hold based on a parameter called MTU.

MTU is the maximum length of a network packet. On Ethernet it is 1500 bytes.

The MTU is the total length including the headers, so the header length has to be subtracted from the MTU; the result is the maximum length of data that fits in one network packet, which is called the MSS.

It can be seen from the above two figures that the MSS value is 1460 (1500-40) bytes, where:

  1. The fixed TCP header is 20 bytes.
  2. The fixed IP header is 20 bytes.
  3. The TCP header can be at most 60 bytes long.

3. The TLS handshake: the core of HTTPS

HTTPS is a "very simple" protocol. The RFC document is only seven pages long, specifying the new protocol name "HTTPS" and the default port number 443; the rest (request-reply mode, packet structure, request methods, URI, header fields, connection management, and so on) all follows HTTP. There's nothing new. ---- Perspective HTTP Protocol

If you are interested, take a look here: tools.ietf.org/html/rfc281...

3.1 What is TLS/SSL?

A lot of people get confused when they see TLS/SSL. In fact, these two things are the same thing:

In 1999 SSL 3 was renamed: SSL 3 === TLS 1.0

The most widely used is TLS 1.2:

TLS is composed of several sub-protocols, such as the record protocol, handshake protocol, alert protocol, change cipher spec protocol and extension protocol. It uses many cutting-edge cryptographic techniques, such as symmetric encryption, asymmetric encryption and identity authentication.

TLS/SSL sits between the application layer and the TCP transport layer. TLS can be roughly divided into two layers:

  1. The TLS Handshaking Protocols, close to the application layer

  2. The TLS Record Protocol, a record-layer protocol close to TCP

This is too much to write, but let's focus on the TLS handshake.

3.2 The TLS handshake

When does a TLS handshake occur?

  1. A TLS handshake happens every time a user navigates to a site over HTTPS and the browser first starts querying the site's origin server.
  2. A TLS handshake also happens whenever any other communication uses HTTPS (including API calls and DNS over HTTPS queries).
  3. A TLS handshake occurs once a TCP connection has been opened through a TCP handshake.

What happens during a TLS handshake?

During the TLS handshake, the client and server perform the following operations together:

  • Specify the TLS version to be used (TLS 1.0, 1.2, 1.3, etc.)
  • Determine which cipher suite will be used
  • Authenticate the server by its public key and the digital signature of the SSL certificate authority
  • Generate the session key so that symmetric encryption can be used after the handshake is complete

The cipher suite determines the handshake:

From: Details of the SSL Handshake Process in HTTPS

There are two main handshake types in TLS: one based on RSA and one based on Diffie-Hellman. The main difference between the two handshake types is in master key exchange and authentication.

Handshake type | Key exchange | Authentication
RSA handshake  | RSA          | RSA
DH handshake   | DH           | RSA/DSA

The main handshake types are based on RSA, so this tutorial is based on RSA.

The whole process is shown in the figure below:

Specific process description:

  1. Client hello: the client initiates the handshake by sending a "hello" message to the server. The message includes the TLS versions the client supports, the cipher suites it supports, and a random byte string called the "client random".
  2. Server hello: in reply to the client hello message, the server sends a message containing the server's SSL certificate, the cipher suite chosen by the server, and the "server random", another random byte string generated by the server.
  3. The client sends a pre-master key encrypted with the public key.
  4. The server decrypts the encrypted pre-master key with its own private key.
    • Client finished: the client sends a "finished" message, which is encrypted with the session key.
    • Server finished: the server sends a "finished" message encrypted with the session key.
  5. The handshake is complete, and communication continues with encryption and decryption using the master key.
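The RSA key exchange in steps 1 to 5, as an added example that is not part of the original article: both sides derive the same 48-byte master secret from the pre-master key and the two random values using the TLS 1.2 PRF (RFC 5246). Assumptions: the key pair is generated on the spot instead of coming from a certificate, RSA uses Node's default OAEP padding rather than the PKCS#1 v1.5 padding TLS 1.2 specifies, and the "transcript" hashed for the finished check is a simplified stand-in for the real handshake messages.

```javascript
const crypto = require('node:crypto');

// TLS 1.2 PRF: P_SHA256(secret, label + seed), truncated to `length` bytes.
function prf(secret, label, seed, length) {
  const labelSeed = Buffer.concat([Buffer.from(label, 'ascii'), seed]);
  const hmac = (data) => crypto.createHmac('sha256', secret).update(data).digest();
  let a = hmac(labelSeed);                        // A(1) = HMAC(secret, A(0)), A(0) = label + seed
  let out = Buffer.alloc(0);
  while (out.length < length) {
    out = Buffer.concat([out, hmac(Buffer.concat([a, labelSeed]))]);
    a = hmac(a);                                  // A(i+1) = HMAC(secret, A(i))
  }
  return out.subarray(0, length);
}

const masterSecret = (preMaster, clientRandom, serverRandom) =>
  prf(preMaster, 'master secret', Buffer.concat([clientRandom, serverRandom]), 48);

function rsaHandshake() {
  // Constructed key pair standing in for the key in the server's certificate.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const clientRandom = crypto.randomBytes(32);    // step 1: sent in the client hello
  const serverRandom = crypto.randomBytes(32);    // step 2: sent in the server hello
  // Step 3: 48-byte pre-master key; the first two bytes carry the version (0x0303 = TLS 1.2).
  const preMaster = Buffer.concat([Buffer.from([3, 3]), crypto.randomBytes(46)]);
  const encrypted = crypto.publicEncrypt(publicKey, preMaster);      // OAEP (assumption)
  // Step 4: only the holder of the private key recovers the pre-master key.
  const decrypted = crypto.privateDecrypt(privateKey, encrypted);
  const clientMaster = masterSecret(preMaster, clientRandom, serverRandom);
  const serverMaster = masterSecret(decrypted, clientRandom, serverRandom);
  // Finished: each side proves it holds the master secret over the same transcript.
  const transcriptHash = crypto.createHash('sha256')
    .update(Buffer.concat([clientRandom, serverRandom, encrypted])).digest();
  const clientFinished = prf(clientMaster, 'client finished', transcriptHash, 12);
  const expected = prf(serverMaster, 'client finished', transcriptHash, 12);
  const finishedOk = crypto.timingSafeEqual(clientFinished, expected);
  return { clientMaster, serverMaster, finishedOk };
}
```

Because both random values feed the derivation, the same pre-master key never yields the same master secret in two different handshakes.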

Explaining the cipher suite alone requires a packet-capture basis. Some other time, some other time I will...

4. The WebSocket handshake

The WebSocket protocol is relatively simple to implement. It uses the HTTP protocol for the initial handshake. After a successful handshake, the connection is established and the WebSocket basically reads/writes data using raw TCP.

The diagram in the book Diagrams of HTTP makes it clear:

The specific steps are as follows:

  1. Client request:

    GET /chat HTTP/1.1
    Host: server.example.com
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
    Sec-WebSocket-Protocol: chat, superchat
    Sec-WebSocket-Version: 13
    Origin: http://example.com

  2. Server response:

    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
    Sec-WebSocket-Protocol: chat
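How a server gets from that request to that response, as an added example that is not code from the original article: it validates the upgrade headers, checks `Origin` against an allowlist, and derives `Sec-WebSocket-Accept` as the base64 SHA-1 of the client's key concatenated with the GUID fixed by RFC 6455. The function names and the `allowedOrigins` and `supportedProtocols` parameters are hypothetical.

```javascript
const crypto = require('node:crypto');

// GUID fixed by RFC 6455; the server appends it to the client's key before hashing.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

function computeAccept(key) {
  return crypto.createHash('sha1').update(key + WS_GUID).digest('base64');
}

// Parse a raw HTTP request head into its request line and lower-cased headers.
function parseHead(raw) {
  const [requestLine, ...lines] = raw.trim().split(/\r?\n/);
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { requestLine: requestLine.trim(), headers };
}

const tokens = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

// Validate the client request; return the 101 response or an error status.
function handleUpgrade(raw, allowedOrigins, supportedProtocols) {
  const { requestLine, headers: h } = parseHead(raw);
  if (!/^GET \S+ HTTP\/1\.1$/.test(requestLine)) return { status: 400 };
  if ((h.upgrade || '').toLowerCase() !== 'websocket') return { status: 400 };
  if (!tokens(h.connection).some((t) => t.toLowerCase() === 'upgrade')) return { status: 400 };
  if (h['sec-websocket-version'] !== '13') return { status: 426 };
  // The key must be the base64 form of exactly 16 bytes (24 characters).
  const key = h['sec-websocket-key'] || '';
  if (key.length !== 24 || Buffer.from(key, 'base64').length !== 16) return { status: 400 };
  // The handshake is an ordinary HTTP request, so the browser sends cookies with it;
  // rejecting unknown Origin values keeps other sites from opening an authenticated socket.
  if (!allowedOrigins.includes(h.origin)) return { status: 403 };
  const protocol = tokens(h['sec-websocket-protocol']).find((p) => supportedProtocols.includes(p));
  const accept = computeAccept(key);
  const out = ['HTTP/1.1 101 Switching Protocols', 'Upgrade: websocket', 'Connection: Upgrade',
    `Sec-WebSocket-Accept: ${accept}`];
  if (protocol) out.push(`Sec-WebSocket-Protocol: ${protocol}`);
  return { status: 101, accept, protocol, response: out.join('\r\n') + '\r\n\r\n' };
}

// The client request shown above.
const SAMPLE_REQUEST = [
  'GET /chat HTTP/1.1', 'Host: server.example.com', 'Upgrade: websocket', 'Connection: Upgrade',
  'Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==', 'Sec-WebSocket-Protocol: chat, superchat',
  'Sec-WebSocket-Version: 13', 'Origin: http://example.com',
].join('\r\n');
```

The accept value only proves that the server understood the WebSocket handshake; it authenticates nobody, which is why the Origin check and normal session authentication still matter.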

4.1 WebSocket full-duplex communication

The WebSocket protocol solves the problem of full-duplex communication between server and client.

So what is simplex, half duplex, full duplex communication?

Type        | Capability
Simplex     | Unidirectional transmission of information
Half duplex | Information can be sent both ways, but not simultaneously
Full duplex | Information can be sent both ways simultaneously

4.2 The difference between WebSocket and Socket

You can think of WebSocket as being like HTTP (an application-layer protocol): whatever the relationship between HTTP and Socket is, that is the relationship between WebSocket and Socket.

1. The relationship between WebSocket and HTTP

Similarities

  1. Both are based on TCP and are reliable transport protocols.
  2. Both are application layer protocols.

Differences

  1. WebSocket is a two-way communication protocol that, like the Socket protocol, can send or receive messages in both directions. HTTP is one-way.
  2. WebSocket requires a handshake to establish a connection.

2. What is Socket?

Socket is the intermediate software abstraction layer of communication between application layer and TCP/IP protocol family. It is a group of interfaces.

In design-pattern terms, Socket is actually a facade pattern: it hides the complex TCP/IP protocol family behind the Socket interface. For the user, a simple set of interfaces is all there is, and the Socket organizes the data to conform to the specified protocol.

4.3 Extended knowledge: Socket.IO's seven-level fallback

In Golang, Java Spring and so on, WebSocket has its own set of implementation APIs.

Socket.IO consists of two parts:

  1. A server that integrates with (or mounts on) the Node.JS HTTP server: socket.io
  2. A client loaded into the browser: socket.io-client

Many people think Socket.IO is just WebSocket and XHR long polling.

In fact, Socket.IO has a number of transport mechanisms:

  2. FlashSocket
  3. XHR long polling
  4. XHR multipart streaming: multipart/form-data
  5. XHR polling

Thanks to so many transport mechanisms, Socket.IO compatibility is nothing to worry about.

5. Extension: the core difference between HTTPS and HTTP

In "What is Socket?" there is one thing I forgot to mention:

There are two key differences between HTTPS and HTTP:

  1. The underlying transport protocol of HTTP is changed from TCP/IP to SSL/TLS.
  2. Sending and receiving messages no longer uses the Socket API, but calls a dedicated security interface instead.

Specific differences:

  1. The HTTPS protocol requires applying to a CA for a certificate; free certificates are generally rare, so a fee has to be paid.
  2. HTTP is the hypertext transfer protocol and transmits information in clear text; HTTPS is a secure transport protocol encrypted with SSL.
  3. HTTP and HTTPS use completely different connection methods and different ports. The former uses 80, the latter 443.
  4. HTTP connections are simple and stateless. The HTTPS protocol is a network protocol built from SSL + HTTP that supports encrypted transmission and identity authentication, and is more secure than the HTTP protocol.

Postscript and citations

This article draws on numerous sources and columns:

1. Details of the SSL Handshake Process in HTTPS

In my brain map, I have summarized 8 core HTTP problems.

As someone who changed careers into front-end development, I find understanding these HTTP processes both painful and fun. If you want the brain map, scan the code to add me, or reply "HTTP" on the public account.


You can also get all the posts from my GitHub blog:

Front-end persuasion guide: github.com/roger-hiro/... Let's play. ~
