HTTP & HTTPS
[!NOTE] This module explores the core principles of HTTP & HTTPS, deriving solutions from first principles and hardware constraints to build world-class, production-ready expertise.
1. What is HTTP?
HTTP (HyperText Transfer Protocol) is the foundation of data communication for the World Wide Web. It is a stateless protocol, meaning each request is independent of the ones before it.
The Request/Response Cycle
- Request: Client (Browser) sends a command: `GET /index.html HTTP/1.1`.
- Response: Server replies with data: `200 OK` + HTML content.
Common HTTP Methods
- GET: Retrieve a resource.
- POST: Submit data to be processed (e.g., a form).
- PUT: Replace a resource.
- DELETE: Remove a resource.
Status Codes
- 2xx (Success): `200 OK`, `201 Created`.
- 3xx (Redirection): `301 Moved Permanently`, `304 Not Modified`.
- 4xx (Client Error): `404 Not Found`, `403 Forbidden`.
- 5xx (Server Error): `500 Internal Server Error`, `503 Service Unavailable`.
2. HTTPS (The ‘S’ is for Secure)
HTTPS is HTTP over TLS (Transport Layer Security).
| Feature | HTTP | HTTPS |
|---|---|---|
| Port | 80 | 443 |
| Encryption | None (Plaintext) | Encrypted (SSL/TLS) |
| Integrity | Data can be tampered with | Tamper-proof |
| Trust | No verification | Verified by Certificates |
3. How HTTPS Works (The TLS Handshake)
- Client Hello: “I support these encryption types.”
- Server Hello + Certificate: “Use this one. Here is my Public Key verified by a Certificate Authority (CA).”
- Key Exchange: Client encrypts a “Pre-master secret” with the Server’s Public Key.
- Finished: Both sides derive a Symmetric Session Key for the rest of the conversation.
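The four steps above as a runnable model (an added example, not code from the original page): it follows the RSA key exchange the page describes, which TLS 1.2 and earlier offer and TLS 1.3 replaces with ephemeral Diffie-Hellman. The toy RSA key, the HMAC-based key derivation and the `protect`/`verify` helpers are simplifying assumptions, not the real TLS algorithms.

```python
import hashlib
import hmac
import secrets

# Toy server RSA key built from two known Mersenne primes so no crypto library is
# needed (assumption for this example; trivially factorable, never a real key).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key (what the certificate carries)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the server

def derive_key(pre_master, client_random, server_random):
    # Simplified stand-in for the TLS key derivation: same inputs, same key.
    return hmac.new(pre_master, b"session" + client_random + server_random,
                    hashlib.sha256).digest()

def handshake(client_suites, server_suites):
    # 1. Client Hello: supported suites plus a fresh random.
    client_random = secrets.token_bytes(32)
    # 2. Server Hello: pick the server's first preference that the client offered.
    suite = next((s for s in server_suites if s in client_suites), None)
    if suite is None:
        raise ValueError("handshake failure: no cipher suite in common")
    server_random = secrets.token_bytes(32)
    # 3. Key exchange: client encrypts the pre-master secret to the public key
    #    (textbook RSA without padding, for illustration only).
    pre_master = secrets.token_bytes(48)
    ciphertext = pow(int.from_bytes(pre_master, "big"), E, N)
    recovered = pow(ciphertext, D, N).to_bytes(48, "big")   # server side
    # 4. Finished: each side derives the symmetric session key on its own.
    client_key = derive_key(pre_master, client_random, server_random)
    server_key = derive_key(recovered, client_random, server_random)
    return suite, client_key, server_key

def protect(key, payload):
    # Integrity tag under the session key (HMAC stands in for record protection).
    return hmac.new(key, payload, hashlib.sha256).digest()

def verify(key, payload, tag):
    return hmac.compare_digest(tag, protect(key, payload))

if __name__ == "__main__":
    # Constructed sample input: two TLS 1.2 RSA suites; the server allows only one.
    suites = ["TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256"]
    suite, ck, sk = handshake(suites, suites[1:])
    tag = protect(ck, b"GET /index.html HTTP/1.1")
    print(suite, ck == sk, verify(sk, b"GET /index.html HTTP/1.1", tag),
          verify(sk, b"GET /admin.html HTTP/1.1", tag))
```

The last `verify` call returns `False`: a request altered in transit no longer matches its tag, which is the integrity property in the HTTP vs HTTPS table.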
5. Evolution of HTTP
- HTTP/1.1: The old standard. One request at a time (mostly).
- HTTP/2: Multiplexing (many requests over one TCP connection). Binary headers.
- HTTP/3 (QUIC): Runs over UDP instead of TCP to eliminate head-of-line blocking and speed up handshakes.