preface
I read how Networks Are Connected and two HTTP related columns while I was out of work.
On the one hand to supplement professional knowledge, on the other hand to prepare for the job interview.
To avoid forgetting, draw a picture of XMind:
There are too many questions worth going into, so I’ll start with them today:WebSeveral “handshakes”
1. More than one handshake
In the early days of network transmission, it was thereTCPThe protocol required a “handshake” process, but earlier protocols had a drawback: communication could only be initiated by the client, rather than the server actively pushing information to the client.
The WebSocket protocol was born in 2008 and became an international standard in 2011. All browsers already support it.
With the improvement of SSL/TLS, HTTPS, a secure version of the network protocol that has existed for a long time, has also exploded.
Finally, the protocol handshake of the front end is divided into three parts:
TCPThree handshakes, goHTTP.TLSShaking hands,HTTPSWebSocketShake hands, based onTCPProtocols, it all works.
2. TCPThe ultimate meaning of the three-way handshake
In my previous post: “Maka Warning” relearning TCP/IP and the three-way handshake
I also talked at length about the TCP three-way handshake, but at the time I didn’t fully realize its implications.
Just like everyone else, they remember it before the interview and forget it afterwards.
Until I saw this quote from How The Web Is Connected:
** In actual communication, serial numbers do not start with 1, but need to calculate an initial value with random number, because
If the serial numbers all start at 1, the communication process is very predictable, and someone can use that to launch an attack. 台湾国
** But if the initial value is random, then the other party will not know whether the serial number is from
So you need to inform the communication object of the initial value before you start sending and receiving data. 台湾国
2.1 Knowledge Supplement: The maximum length of a network packet
The stack calculates how much data each network packet can hold based on a parameter called MTU.
MTU Indicates the maximum length of a network packet. On Ethernet, it is 1500 bytes
MTUIs the total length of the containing header, so it needs to be fromMTUSubtract the length of the header, and the resulting length is the maximum length of data that can fit in a network packet, which is calledMSS.
It can be seen from the above two figures that the MSS value is 1460 (1500-40) bytes, where:
TCPFixed to the head20Bytes.IPFixed to the head20Bytes.TCPThe longest head can be reached60Bytes.
3. TLSHandshake:HTTPSThe core of the
HTTPS is a “very simple” protocol. The RFC document is only seven pages long, specifying the new protocol name “HTTPS”, the default port number 443, and the rest of the request-reply mode, packet structure, request method, URI, header field, connection management, and so on, all follow HTTP. There’s nothing new. —- Perspective HTTP Protocol
Interested can look at here: link: tools.ietf.org/html/rfc281…
3.1 TLS/SSLWhat is it?
A lot of people get confused when they see TLS/SSL. In fact, these two things are the same thing:
1999 renamed SSL 3 === TLS 1.0
The most widely used is TLS 1.2:
TLS is composed of several sub-protocols, such as recording protocol, handshake protocol, warning protocol, password change protocol and extension protocol. It uses many cutting-edge cryptography technologies, such as symmetric encryption, asymmetric encryption and identity authentication.
TLS/SSL is located between the application layer and transport layer TCP. TLS can be roughly divided into two layers:
-
TLS Handshaking Protocols near the application layer
-
TLS Record Protocol, a Record layer Protocol close to TCP
This is too much to write, but let’s focus on the TLS handshake.
3.2 TLSShaking hands,
When does a TLS handshake occur? :
- Every time a user passes
HTTPSThis happens when you navigate to the site and the browser first starts querying the site’s original serverTLSA handshake. - Whenever any other communication is used
HTTPS(includingAPICalls andHTTPSQuery on DNS), also occursTLSA handshake. - Occurs when a TCP connection is opened through a TCP handshake
TLSA handshake.
During the TLS handshake, the client and server perform the following operations together:
- Specify the TLS version to be used (TLS 1.0, 1.2, 1.3, etc.)
- Determine which encryption suites will be used.
- The server is authenticated by its public key and the digital signature of the SSL certificate authority
- After the handshake is complete, the session key is generated to use symmetric encryption
Encryption suite determines the handshake:
From: DETAILS of THE SSL Handshake process in HTTPS
There are two main handshake types in TLS: one based on RSA and one based on Diffie-Hellman. The main difference between the two handshake types is in master key exchange and authentication.
| The secret key exchange | The authentication | |
|---|---|---|
| RSA handshake | RSA | RSA |
| DH handshake | DH | RSA/DSA |
The main handshake types are based on RSA, so this tutorial is based on RSA.
The whole process is shown in the figure below:
- The client
hello: The client initiates a handshake by sending a greeting message to the server. The message will include the client-supported version of TLS, the supported encryption suite, and a random byte string called “client-side randomness.” - The server
hello: indicates the reply clienthelloMessage, the server sends a message containing the server’sSSLThe certificate, the encryption suite chosen by the server, and the “server random number,” another random byte string generated by the server. - The client sends a pre-master key encrypted with a public key.
- The server decrypts the encrypted pre-master key with its own private key.
- The client
finished: The client sends a done message, which is encrypted with the session key. - The server
finished: The server sends a done message encrypted with the session key.
- The client
- The handshake is completed, followed by master key encryption and decryption.
Only encryption suite, explain the need to have a packet capture basis. Some other time, some other time I will…
4. WebSocketShake hands
The WebSocket protocol is relatively simple to implement. It uses the HTTP protocol for the initial handshake. After a successful handshake, the connection is established and the WebSocket basically reads/writes data using raw TCP.
The diagram in The book Diagrams of HTTP makes it clear:
The specific steps are as follows:
- Client request:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
Origin: http://example.com
Copy the code- Server response:
HTTP/1.1 101
Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
Sec-WebSocket-Protocol: chat
Copy the code4.1 WebsocketFull duplex communication
Websocket protocol solves the problem of full duplex communication between server and client.
So what is simplex, half duplex, full duplex communication?
| type | Ability to |
|---|---|
| simplex | Unidirectional transmission of information |
| Half duplex | Information can be sent both ways, but not simultaneously |
| Full duplex | Information can be sent both ways simultaneously |
4.2 WebsocketandSocketThe difference between
Can put theWebSocketTo imagineHTTPApplication layer),HTTPandSocketWhat kind of relationship,WebSocketandSocketIt’s a relationship.
1. WebSocketwithHTTPThe relationship between
The same
- It’s all based on the same
TCPAll are reliability transport protocols. - Both are application layer protocols.
The difference between
WebSocketIt’s a two-way communication protocol, analogSocketProtocol that can send or receive messages in both directions.HTTPIt’s one way.WebSocketA handshake is required to establish a connection.
2. SocketWhat is?
Socket is the intermediate software abstraction layer of communication between application layer and TCP/IP protocol family. It is a group of interfaces.
In the design mode, Socket is actually a facade mode, it hides the complex TCP/IP protocol family behind the Socket interface, for the user, a simple set of interfaces is all, let the Socket to organize data to conform to the specified protocol.
4.3 Expanding knowledge:Socket.IOSeven tiers downgraded
inGolang,Java SpringAnd so on,websocketHave a set of implementationsAPI.
Socket.IO consists of two parts:
- A server for integrating (or mounting) to
Node.JS HTTPServer:socket.io - A client loaded into a browser:
socket.io-client
Many people think socket. IO is just WebSocket and XHR long polling.
In fact, socket. IO has a number of transport mechanisms:
FlashSocket 3. XHR long Polling 4. XHR part split: Multipart /form-data 5. XHR polling 6Copy the codeThanks to so many transport mechanisms, socket. IO compatibility is nothing to worry about.
5. Extension:HTTPS 与HTTPThe core difference between
What is a Socket? One thing I forgot to mention:
There are two key differences between HTTPS and HTTP:
- the
HTTPThe underlying transport protocol is defined byTCP/IPReplaced with aSSL/TLS - Incoming and outgoing messages are no longer in use
Socket APIInstead, call a specialized security interface.
Specific differences:
HTTPSThe protocol needs to beCAApplication certificate, generally free certificate is very few, need to pay a fee.HTTPIt’s hypertext transfer protocol, information is in clear text,HTTPSIs a secure SSL encrypted transport protocol.HTTPandhttpsThey’re using a completely different connection, and they’re using a different port. The former is80, which is443.HTTPThe connection is simple and stateless.HTTPSAgreement is madeSSL+HTTPProtocol a network protocol built for encrypted transmission and identity authenticationHTTPProtocol security.
Postscript and citations
This article draws on numerous sources and columns:
1. Details of THE SSL Handshake process in HTTPS
In my brain map, I have summarized 8 kindsHTTPCore problem.
As a front end to a career change, understanding these HTTP processes is both painful and fun. Want to brain map can scan code plus me, or public number reply: HTTP
❤️ Read three things
If you find this article inspiring, I’d like to invite you to do me three small favors:
- Like, so that more people can see this content (collection does not like, is a rogue -_-)
- Pay attention to “front-end persuaders” and share original knowledge from time to time.
- Look at other articles as well
Personal wechat: Huab119
You can also get all the posts from my GitHub blog:
Front-end persuasion guide: github.com/roger-hiro/… Let’s play. ~