Reprint and Accumulation Series: HTTPS Principles and the HTTP Caching Mechanism

Old manong Zuli 2020-11-13 04:45:27


Catalog

HTTPS principle
  HTTPS
  How HTTPS is implemented
  Why is data transmission encrypted symmetrically?
  Why do CA organizations issue certificates?
HTTP caching mechanism and principles
  HTTP messages
  Cache rule parsing
  Mandatory cache
    Expires
    Cache-Control
  Comparison cache
    Last-Modified / If-Modified-Since
    ETag / If-None-Match (takes priority over Last-Modified / If-Modified-Since)
Principle summary


An earlier reprinted article on HTTP: 《Reprint and Accumulation Series - In-depth Understanding of the HTTP Protocol》

HTTPS principle


HTTPS

As the cost of running an HTTPS site has fallen, most websites now use the HTTPS protocol. Everyone knows that HTTPS is more secure than HTTP, and has heard that the protocol involves concepts such as SSL, asymmetric encryption and CA certificates, but the following three probing questions may be harder to answer:

1. Why is using HTTPS secure?
2. How is HTTPS implemented underneath?
3. Is a site that uses HTTPS necessarily secure?

This article digs into the security of HTTPS at the level of its underlying principles.

How HTTPS is implemented

You may have heard that the HTTPS protocol is secure because it encrypts the transmitted data, and that this encryption is done with asymmetric encryption. In fact, HTTPS uses symmetric encryption for the transmission of content; asymmetric encryption is only used in the certificate verification phase.

The whole HTTPS process is divided into certificate verification and data transmission. The specific interaction is as follows:

① Certificate verification phase

  • The browser initiates an HTTPS request
  • The server returns its HTTPS certificate
  • The client verifies that the certificate is valid; if it is not, a warning is shown

② Data transmission phase

  • Once the certificate is verified as valid, the client generates a random number locally
  • The client encrypts the random number with the server's public key and sends the ciphertext to the server
  • The server decrypts the random number with its private key
  • The server builds the symmetric encryption from the random number the client sent, encrypts the response content with it and transmits the result

Why is data transmission encrypted symmetrically ?

First, asymmetric encryption is very inefficient, and HTTP's application scenarios usually involve a large volume of end-to-end interaction, so the cost of asymmetric encryption would be unacceptable.

In addition, in the HTTPS scenario only the server holds the private key, and a single public/private key pair can only encrypt and decrypt in one direction. Therefore the content transmission in HTTPS uses symmetric rather than asymmetric encryption.

Why do CA organizations issue certificates?

The HTTP protocol is considered insecure because data in transit is easy for an eavesdropper to monitor and servers are easy to impersonate; the HTTPS protocol mainly solves the security of network transmission.

First, suppose there were no certification body and anyone could issue a certificate. The security risk would then be the classic "man-in-the-middle attack" problem.

The specific process of a "man-in-the-middle attack" is as follows:

1. The local request is hijacked (for example by DNS hijacking), so all requests are sent to the middleman's server
2. The middleman's server returns the middleman's own certificate
3. The client creates a random number, encrypts it with the public key from the middleman's certificate and sends it to the middleman, then builds symmetric encryption from the random number to encrypt the transmitted content
4. Because the middleman holds the client's random number, it can decrypt the content with the symmetric encryption algorithm
5. The middleman forwards the client's request content to the real website
6. Because the communication between the middleman and the server is legitimate, the real website returns encrypted data over the secure channel it established
7. The middleman decrypts that content with the symmetric encryption established with the real website
8. The middleman re-encrypts the data returned by the real website with the symmetric encryption established with the client
9. The client decrypts the returned data with the symmetric encryption established with the middleman

Because the certificate is never verified, even though the client initiated an HTTPS request it has no idea that its traffic has been intercepted, and the transmitted content is read by the middleman.
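As an added example that is not part of the original post, here is how the certificate verification phase above maps onto Python's standard ssl module: a client context that performs it, the common misconfiguration that skips it (which is exactly what lets the middleman's self-made certificate from step 2 be accepted), and a check for telling the two apart. The function names and the optional cafile path are assumptions.

```python
import ssl  # standard library; ssl.TLSVersion needs Python 3.7+


def verified_client_context(cafile=None):
    """Client settings that perform the certificate verification phase.

    cafile: assumed optional path to a PEM CA bundle; None uses the system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True              # the certificate must name the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED    # and must chain to a trusted CA, or the handshake fails
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context():
    """The common 'make the certificate error go away' setting.

    With verification off, a middleman's self-made certificate is accepted just like
    the real site's, which is the situation the post describes.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False             # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def performs_certificate_validation(ctx):
    """Review check for a context: True only if both the chain and the hostname are verified."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# Usage: ctx.wrap_socket(raw_socket, server_hostname="example.com") and then connect; with the
# verified context an untrusted or mismatched certificate raises ssl.SSLCertVerificationError.
```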

 

HTTP caching mechanism and principles


HTTP messages

An HTTP message is the block of data sent when the browser and the server communicate.

When the browser requests data from the server, it sends a request message; when the server returns data to the browser, it returns a response message.

A message consists of two main parts:

  1. The header part, which carries attributes: additional information such as cookies and cache information. All cache-related rule information is contained in the header.

  2. The body part, which carries the data: what the HTTP request really wants to transfer.

Cache rule parsing

For convenience, we assume the browser has a cache database for storing cached information.

The first time the client requests data there is no corresponding entry in the cache database, so the request must go to the server; after the server responds, the data is stored in the cache database.

HTTP has many caching rules. Classified by whether the request needs to be re-sent to the server, I divide them into two categories: the mandatory cache and the comparison cache.

Before going into the details of these two rules, let's first walk through the sequence diagrams to get a simple understanding of them.

When cached data already exists, the process of requesting data based only on the mandatory cache is as follows:

When cached data already exists, the process of requesting data based only on the comparison cache is as follows:

Readers unfamiliar with the caching mechanism may ask: in the comparison-cache process, a request is sent to the server whether or not a cached copy exists, so what is the point of caching at all?

Let's set that question aside; the answer will come when each cache rule is introduced in detail later.

We can see the difference between the two types of caching rule: if the mandatory cache takes effect, there is no further interaction with the server, whereas the comparison cache requires interaction with the server whether it takes effect or not.

The two types of rule can exist at the same time, and the mandatory cache takes priority over the comparison cache. That is, when the mandatory cache rule is executed and the cache is valid, the cached copy is used directly and the comparison cache rule is not executed at all.

Mandatory cache


We know from the above that with the mandatory cache, as long as the cached data has not expired, it can be used directly. So how does the browser judge whether the cached data has expired?

We know that when there is no cached data and the browser requests data from the server, the server returns the data together with the caching rules; the caching rule information is contained in the response header.

For the mandatory cache, the response header has two fields that indicate the expiry rule: Expires and Cache-Control.

Using the Chrome developer tools, it is easy to see the network requests when the mandatory cache is in effect.

Expires

The value of Expires is the expiry time returned by the server. On the next request, if the request time is earlier than the expiry time returned by the server, the cached data is used directly.

However, Expires dates from HTTP 1.0; browsers now use HTTP 1.1 by default, so its role is largely ignored.

Another problem is that the expiry time is generated by the server, but there may be a discrepancy between the client's clock and the server's clock, which leads to incorrect cache hits.

Therefore HTTP 1.1 replaces it with Cache-Control.

Cache-Control

Cache-Control is the most important rule. Common values are private, public, no-cache, max-age and no-store; the default is private.

private: only the client may cache
public: both the client and proxy servers may cache (for front-end developers, public and private can be treated as the same)
max-age=xxx: the cached content expires after xxx seconds
no-cache: the comparison cache must be used to validate the cached data (described later)
no-store: nothing is cached at all; neither the mandatory cache nor the comparison cache is triggered (for front-end development, the more caching the better, so... we basically wave it goodbye)

For example:

In the figure, Cache-Control specifies only max-age, so the default private applies, and the cache time is 31536000 seconds (365 days).

That is, if this data is requested again within 365 days, it will be taken directly from the cache database and used as is.

Comparison cache

The comparison cache, as its name suggests, needs a comparison to determine whether the cached copy can be used.

The first time the browser requests data, the server returns a cache identifier together with the data, and the client stores both in the cache database.

When the data is requested again, the client sends the stored cache identifier to the server. The server checks it against the identifier of the resource, and if the check succeeds it returns a 304 status code, telling the client that the check passed and the cached data can be used.

First visit:

Revisit:

Comparing the two figures, we can clearly see that when the comparison cache takes effect the status code is 304, and both the message size and the request time are greatly reduced.

This is because, after the identifier comparison on the server side, only the header part is returned and the status code tells the client to use its cache; the body of the message no longer needs to be returned to the client.

For the comparison cache, what we need to understand is how the cache identifier is passed: it is carried in the request header and the response header. There are two kinds of identifier; let's introduce them separately.

Last-Modified / If-Modified-Since

Last-Modified:

When the server responds to a request, it tells the browser when the resource was last modified.

If-Modified-Since:

When the browser requests the server again, this field tells the server the last-modified time of the resource that the server returned on the previous request.

When the server receives the request, it finds the If-Modified-Since header and compares it with the last-modified time of the requested resource.

If the resource's last-modified time is later than If-Modified-Since, the resource has changed again, so the server responds with the full resource content and status code 200; if the resource's last-modified time is earlier than or equal to If-Modified-Since, the resource has no new changes, so the server responds with HTTP 304 and tells the browser to keep using its saved cache.

ETag / If-None-Match (takes priority over Last-Modified / If-Modified-Since)

ETag:

When the server responds to a request, it tells the browser the unique identifier of the current resource on the server (the rule for generating it is decided by the server).

If-None-Match:

When the browser requests the server again, this field tells the server the unique identifier of the data in the client's cache.

When the server receives the request, it finds the If-None-Match header and compares it with the unique identifier of the requested resource. If they differ, the resource has changed again, so the server responds with the full resource content and status code 200; if they are the same, the resource has no new changes, so the server responds with HTTP 304 and tells the browser to keep using its saved cache.
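As an added example, not from the original post, the whole flow described in the mandatory-cache and comparison-cache sections in Python: a browser-side fetch that tries the mandatory cache first (Cache-Control max-age, then Expires), falls back to a conditional request carrying If-None-Match / If-Modified-Since, and a server side that answers 304 or 200 with If-None-Match taking priority. The resource, its header values and all function names are constructed for the example.

```python
from email.utils import parsedate_to_datetime
# Constructed sample resource standing in for a server-side file (not from the original post).
RESOURCE = {"url": "/app.js", "body": b"console.log(1)",
            "headers": {"Cache-Control": "max-age=31536000", "ETag": '"v1"',
                        "Last-Modified": "Sun, 13 Sep 2020 12:26:40 GMT"}}

def max_age(headers):
    """Seconds given by Cache-Control max-age, or None (implicit) if the directive is absent."""
    for d in (x.strip().lower() for x in headers.get("Cache-Control", "").split(",")):
        if d.startswith("max-age="):
            return int(d[len("max-age="):])

def is_fresh(entry, now):
    """Mandatory cache: can the stored entry be used with no request to the server at all?"""
    cc = entry["headers"].get("Cache-Control", "").lower()
    if "no-store" in cc or "no-cache" in cc:   # no-cache always takes the comparison path
        return False
    age = max_age(entry["headers"])
    if age is not None:                        # Cache-Control takes precedence over Expires
        return now < entry["stored_at"] + age
    if "Expires" in entry["headers"]:          # HTTP/1.0 rule, relies on the server's clock
        return now < parsedate_to_datetime(entry["headers"]["Expires"]).timestamp()
    return False

def conditional_headers(entry):
    """Comparison cache: echo the server's identifiers back in the request headers."""
    return {req: entry["headers"][resp] for resp, req in
            (("ETag", "If-None-Match"), ("Last-Modified", "If-Modified-Since")) if resp in entry["headers"]}

def server_respond(req_headers, res):
    """Server side: 304 when the identifier still matches; If-None-Match has priority."""
    unchanged = False
    if "If-None-Match" in req_headers:
        unchanged = req_headers["If-None-Match"] == res["headers"].get("ETag")
    elif "If-Modified-Since" in req_headers and "Last-Modified" in res["headers"]:
        since = parsedate_to_datetime(req_headers["If-Modified-Since"])
        unchanged = parsedate_to_datetime(res["headers"]["Last-Modified"]) <= since
    return (304, None) if unchanged else (200, res["body"])

def fetch(cache, res, now):
    """Browser side: mandatory cache first, then comparison cache, then a full 200 response."""
    entry = cache.get(res["url"])
    if entry and is_fresh(entry, now):
        return entry["body"], "forced-cache"
    status, body = server_respond(conditional_headers(entry) if entry else {}, res)
    if status == 304:                          # only headers came back; keep the cached body
        entry["stored_at"] = now
        return entry["body"], "304-revalidated"
    cache[res["url"]] = {"headers": dict(res["headers"]), "body": body, "stored_at": now}
    return body, "200-full"
```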

Principle summary

Copyright notice
This article was written by [Old manong Zuli]; please include a link to the original when reprinting. Thank you.
