0003 - HTTP and HTTPS

Publish date: 2025-06-27
Tags: Networking, Interview-Questions

Basic Concepts: HTTP (Hypertext Transfer Protocol)

Anatomy of an HTTP Request/Response

Request:

  1. Request Line: GET /users/123 HTTP/1.1 (Method, URI, HTTP Version).
  2. Headers: Key-value pairs with metadata (Host: api.example.com, Authorization: Bearer …, Content-Type: application/json).
  3. Blank Line: Separates headers from the body.
  4. Body (Optional): The payload of the request (e.g., JSON for a POST request).

Response:

  1. Status Line: HTTP/1.1 200 OK (HTTP Version, Status Code, Status Message).
  2. Headers: Content-Type: application/json, Content-Length: 150, Cache-Control: no-cache.
  3. Blank Line.
  4. Body (Optional): The content requested (e.g., HTML page, JSON data).
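
The anatomy above, as an added example that is not part of the original post: a small parser that splits a raw HTTP/1.1 message into start line, headers and body. It goes one step beyond the lists by rejecting a message whose Content-Length disagrees with the body it carries. The names `HttpMessage` and `parse_http_message` and both sample messages are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class HttpMessage:
    kind: str          # "request" or "response"
    start_line: tuple  # (method, uri, version) or (version, status code, message)
    headers: dict      # names lower-cased, since header names are case-insensitive
    body: bytes

def parse_http_message(raw: bytes) -> HttpMessage:
    # The blank line (CRLF CRLF) is the only boundary between headers and body.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line: header section is not terminated")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    if parts[0].startswith("HTTP/"):   # status line: version, code, message
        kind, start = "response", (parts[0], int(parts[1]), parts[2])
    else:                              # request line: method, URI, version
        kind, start = "request", tuple(parts)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines with no colon or with whitespace around the header name.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.lower(), value.strip()
        if key == "content-length" and key in headers:
            raise ValueError("more than one Content-Length header")
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    # A declared length that disagrees with the bytes present means the two
    # ends would not agree on where this message stops.
    declared = headers.get("content-length")
    if declared is not None and (not declared.isdecimal() or int(declared) != len(body)):
        raise ValueError("Content-Length does not match body size")
    return HttpMessage(kind, start, headers, body)

# Constructed sample messages, modelled on the request and response above.
REQUEST = b"GET /users/123 HTTP/1.1\r\nHost: api.example.com\r\n\r\n"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Cache-Control: no-cache\r\nContent-Length: 11\r\n\r\n"
            b'{"id": 123}')

if __name__ == "__main__":
    for raw in (REQUEST, RESPONSE):
        msg = parse_http_message(raw)
        print(msg.kind, msg.start_line, msg.headers, msg.body)
```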

Common HTTP Methods & Idempotency

Idempotent means that making the same request multiple times has the same effect as making it once.

Advanced Concepts: HTTPS (HTTP Secure)

  1. Encryption: Protects the data from being eavesdropped on.
  2. Authentication: Verifies that you are talking to the correct server (prevents man-in-the-middle attacks).
  3. Integrity: Ensures that the data has not been tampered with in transit.

The TLS Handshake (Simplified for Interviews)

  1. Client Hello: The client sends a message to the server, including the TLS versions it supports and a list of supported cipher suites (encryption algorithms).
  2. Server Hello: The server responds, choosing a TLS version and cipher suite from the client’s list.
  3. Server Certificate: The server presents its SSL/TLS certificate to the client. This certificate contains the server’s public key and is signed by a trusted Certificate Authority (CA). The browser checks whether it trusts the CA.
  4. Key Exchange: The client and server use the public/private key pair (asymmetric encryption) to securely negotiate a symmetric session key. This is the key that will be used to encrypt all the actual HTTP data for the rest of the session.
  5. Secure Communication: All subsequent HTTP traffic is encrypted using this shared symmetric key, which is much faster than asymmetric encryption.