HTTP/HTTPS Amit Kumar Singh Image: Danilo Rizzuti / FreeDigitalPhotos.net
HTTP

  1. HTTP/HTTPS
     Amit Kumar Singh
     Image: Danilo Rizzuti / FreeDigitalPhotos.net
  2. HTTP
     - HyperText Transfer Protocol
     - Invented by Tim Berners-Lee
     - An Application Layer Protocol
     - For Distributed, Collaborative and Hypermedia information systems
     - Client Server model.
     - Reliable protocol
       - Works on Top of TCP protocol
         - Default Port 80
     - Is Stateless
  3. Request/Response Model
     - The Client sends Request to the server for a Resource
       - Resource located by its URL
       - <scheme>://<host>:<port>/<resource path>
       - Eg: http://www.google.com/
     - Server sends Response back to the client along with Acknowledgment code
     - Request and Response messages are in plain text
  4. HTTP Request
     - Comprised of Request Line, HTTP header, HTTP Body (optional)
       - Eg:
           GET /Index.html HTTP/1.1
           Connection: Keep-Alive
           Accept: */*
           User-Agent: Sample Application
           Host: www.google.com
     - Request Line:
       - <HTTP Method> <resource path> <HTTP Version>
     - GET /path/to/file/index.html HTTP/1.1
  5. HTTP Request: HTTP Methods
     - GET
     - HEAD
     - POST
     - PUT
     - DELETE
     - TRACE
     - CONNECT
     - OPTIONS
     - PATCH
  6. HTTP Request: Headers
     - Accept: text/html,text/plain,image/jpeg; charset=ISO-8859-1
     - Accept-Language: en
     - Accept-Encoding: gzip, deflate
     - Connection: Keep-Alive
     - Referer: http://www.w3.org/index.html
     - Host: www.google.com
     - Cookie: id=105; Skin=new
     - User-Agent: Mozilla/4.0(Compatible; MSIE 6.0; Windows NT 5.0)
  7. HTTP Response
     - Consists of Status Line, Headers, and Body (optional)
     - Eg:
         HTTP/1.1 200 OK
         Server: Microsoft-IIS/5.0
         Content-Location: http://www.microsoft.com/default.htm
         Date: Tue, 25 Jun 2009 19:33:18 GMT
         Content-Type: text/html
         Accept-Ranges: bytes
         Last-Modified: Mon, 24 Jun 2002 20:27:23 GMT
         Content-Length: 26812

         <html>
         ----
         </html>
  8. HTTP Response: Status Codes
     - 3 digit integer
     - 1xx
       - informational message
     - 2xx
       - success of some kind
     - 3xx
       - redirects the client to another URL
     - 4xx
       - error on the client's part
         - 404
     - 5xx
       - error on the server's part
  9. HTTP Response: Headers
     - Cache-Control: no-cache
     - Content-Length: 2748
     - Content-Type: image/gif
     - Date: Wed, 4 Oct 2004 12:00:00 GMT
     - Expires: -1
     - WWW-Authenticate: Basic realm="Secure Area"
  10. HTTP Cookie
      - Text Stored in the client
      - Used for authentication, user preferences, state management
      - Set-Cookie: ID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net
      - All valid cookies are sent back to the server with subsequent requests
  11. Caching
      - Sits between the Client and the Server.
      - Saves copy of response
      - Further requests can fetch response from cache
      - Cache-Control:
        - no-cache / private / public / max-age
      - Expires: Fri, 30 Oct 1998 14:19:41 GMT
  12. HTTPS
      - HTTP is insecure!
        - Subject to man-in-the-middle and eavesdropping attacks
      - HTTP over TLS or SSL
      - Uses port 443 by default
      - Based on Public key cryptography
  13. TLS Handshake
      - Client asks for a connection to the HTTPS server
        - specifying the highest TLS protocol version it supports and a list of Cipher Suites (Cipher and Hash function).
      - Server responds and selects a TLS protocol version and Cipher Suite which the client also supports
      - Server sends a Certificate to the client for its authentication
        - Certificate contains server name, trusted CA, and server's Public Key
  14. TLS Handshake (continued)
      - Client verifies the Certificate and authenticates the Server
      - If authenticated, the client creates a random session key using the Encryption algorithm and encrypts it with the server's public key
      - The key is sent to the server; the server decrypts the session key using the server's private key.
      - The client encrypts the message using the session key and sends it to the server
      - The server decrypts the message using the same session key.
  15. References
      - http://www.faqs.org/rfcs/rfc2616.html
      - www.en.wikipedia.org
      - https://www.httpwatch.com/httpgallery
      - http://condor.depaul.edu/~dmumaugh/readings/handouts/SE435/HTTP/http.pdf
      - http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
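
The Set-Cookie header on slide 10 is used for authentication, yet it carries none of the attributes that limit where a browser sends or exposes it, and slide 12 notes that plain HTTP can be eavesdropped. The following is an added example, not part of the original deck: a Python audit of that header beside a constructed hardened variant. The function names and the hardened header are assumptions made for illustration.

```python
def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, {lower-cased attribute: value})."""
    pair, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = pair.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value):
    """Return findings for a cookie that carries authentication state."""
    _, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: also sent over plain HTTP, where it can be read in transit")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts running in the page")
    if "samesite" not in attrs:
        findings.append("no SameSite: cross-site sending is left to the browser default")
    if attrs.get("domain"):
        findings.append("Domain=%s: sent to every subdomain, not only the issuing host"
                        % attrs["domain"])
    return findings


# The header from slide 10, and a constructed hardened variant of it.
SLIDE_COOKIE = ("ID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; "
                "path=/; domain=.example.net")
HARDENED_COOKIE = "ID=732423sdfs73242; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (SLIDE_COOKIE, HARDENED_COOKIE):
        print(header)
        for finding in audit_set_cookie(header) or ["ok"]:
            print("   ", finding)
```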
