HTTP



Summary #

tags
HyperText, Application level protocol

Hypertext Transfer Protocol (HTTP) is used mainly to access data on the World Wide Web (WWW), a repository of information spread all over the world and linked together. HTTP is the Web’s main application-layer protocol, although current browsers can access other types of servers.

HTTP transfers data in the form of plain text, hypertext, audio, video, etc. It uses TCP connections to send client requests and server replies. It is a synchronous protocol that works with both persistent and non-persistent connections.

HTTP vs TCP #


  1. HTTP stands for Hypertext Transfer Protocol, whereas TCP stands for Transmission Control Protocol.
  2. HTTP is utilized to access websites, while TCP is a session establishment protocol between client and server.
  3. HTTP uses port 80 and TCP uses no port.
  4. HTTP doesn’t need authentication, whereas TCP uses the TCP-AO.
  5. HTTP is stateless but not sessionless. In contrast, TCP is a connection-oriented protocol.
  6. HTTP is a one-way communication system, while TCP is a 3-way handshake (SYN, SYN-ACK, ACK).
  7. If you’re using HTTP, HTTP appears in the URL of the site, and if you’re using TCP, TCP appears in IP.
  8. HTTP establishes data link communication only, but TCP establishes a session connection.
  9. HTTP is useful for transferring smaller documents like webpages, whereas TCP is useful for setting up a connection for data transfer.
  10. HTTP is faster in comparison to TCP, which is slower.

| TCP | HTTP |
| --- | --- |
| TCP protocol is used for session establishment between two machines. No port number. | HTTP protocol is used for content access from web server. HTTP uses TCP’s port number 80. |
| TCP-AO (TCP Authentication Option) | HTTP does not perform authentication. |
| TCP is used extensively by many internet applications. | HTTP is useful in transferring smaller files like web pages. |
| Connection-oriented protocol | Stateless but not sessionless |
| Establishes connection between client and server. | Transfers records between the Web client and Web server. |
| No URL | When you are managing HTTP, HTTP will appear in URL. |
| 3-way handshake (SYN, SYN-ACK, ACK) | One-way communication system. |
| HTTP, HTTPS, FTP, SMTP, Telnet | Most widely used for web-based applications |
| The speed for TCP is slower | HTTP is faster than TCP. |

HTTPS #

HTTPS communication between client and server? #

How SSL Certificate Verification adds security in HTTPS communication

  1. Client sends an HTTPS request to a server.
  2. Server uses its private key (the private key paired with the public key that was in the CSR) to sign (encrypt) some data and sends it back to the client along with the SSL certificate.
  3. Client uses the public key from the certificate that it received from the server to decrypt the data and verify that the server is the owner of the private key.
  4. Case 1: What if a hacker uses their own certificate to send signed data back to the client along with a fake SSL certificate? How is this dealt with? After or before receiving the signed data from the server, the client verifies the CA signature of the certificate it received from the server, using the CA public key that the client (browser) possesses. If the hacker's cert is not verified, the client raises an alarm.
  5. Case 2: What if a hacker uses a valid CA-signed cert to sign some data that the server sends? How is this dealt with? The client also checks whether the IP and domain name mentioned in the SSL cert match the IP and domain name of the server that the client (browser) believes it is talking to. If they do not match, the browser reports that something is fishy.
  6. Case 3: What if a hacker creates a CA-signed cert with the IP and domain name of a server that they do not own? The CA will not create an SSL cert for a server if the ownership is not verified.
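
The Case 1 and Case 2 checks above, as an added Python example (not part of the original notes): `strict_client_context` shows the client settings that make the TLS library enforce both checks, and `cert_covers` is a simplified re-implementation of the Case 2 name comparison, run on a constructed certificate dict. The function names and all sample names and addresses are assumptions made for illustration.

```python
import ipaddress
import ssl

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "shop.example.com"),
        ("DNS", "*.cdn.example.com"),
        ("IP Address", "192.0.2.10"),
    )
}


def strict_client_context():
    """Client-side TLS settings that enforce Case 1 and Case 2 in the handshake."""
    ctx = ssl.create_default_context()   # trusts the CA certificates known to the system
    # Both are already the defaults; set explicitly so weakening them is a visible change.
    ctx.check_hostname = True            # Case 2: cert must name the server we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED  # Case 1: cert must chain to a trusted CA
    return ctx


def _dns_match(pattern, host):
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard stands for exactly one leftmost label.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def cert_covers(cert, server):
    """Simplified Case 2 check: is `server` (DNS name or IP) listed in the SAN?"""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:  # not an IP literal, so compare against DNS entries
        return any(_dns_match(v, server) for k, v in san if k == "DNS")
    return any(ipaddress.ip_address(v) == ip for k, v in san if k == "IP Address")


if __name__ == "__main__":
    for name in ("shop.example.com", "img.cdn.example.com", "cdn.example.com",
                 "shop.example.com.other.test", "192.0.2.10", "192.0.2.11"):
        print(f"{name:30} covered={cert_covers(SAMPLE_CERT, name)}")
```

In real client code the library performs the name check itself once `check_hostname` is enabled; `cert_covers` only makes the comparison visible.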

HTTP Methods #

GET #

POST #

PUT #

DELETE #

PATCH #

OPTIONS #

CONNECT #

TRACE #

