Bri Hatch | Personal | Work |
---|---|---|
Onsight, Inc bri@ifokr.org |
ExtraHop Networks bri@extrahop.com |
Completed in 1990.
Servers outside CERN servers serving HTTP by 1991.
alt.hypertext announcement 1991-08-06
$ telnet www.aoeu.com 80 GET /lfnw-2019-http.html <html> <head> <title>Hello, World</title> </head> <body> Hello, World! </body> </html> $
$ telnet www.aoeu.com 80 GET /lfnw-2019-http.txt <html> <head> <title>Hello... </head> <body> Hello, World! </body> </html> $ |
URL: http://www.aoeu.com/lfnw-2019-http.txt
Scheme: HTTP
HTTP Method: GET |
$ telnet www.aoeu.com 80 GET /lfnw-2019-http.txt <html> <head> <title>Hello... </head> <body> Hello, World! </body> </html> $ |
HTTP Version: ???? Size of content: ???? Encoding of response: ???? Type of response content: ???? Success or failure: ???? |
RFC-1945, in 1996.
$ telnet www.aoeu.com 80 GET /lfnw-2019-http.html HTTP/1.0 User-Agent: NCSA Mosaic/1.0 (X11;SunOS 4.1.4 sun4m) HTTP/1.0 200 OK Server: NCSA/1.2 Date: Tue, 19 Apr 1994 09:43:00 GMT Content-Type: text/html Content-Length: 119 Last-Modified: Wed, 21 Jan 1994 19:51:30 GMT <html> <head> <title>Hello World! ... $
200: OK |
400: Bad Request |
Accept Accept-{Charset,Encoding,Language} Authorization Content-Language From If-Modified-Since Referer User-Agent
Allow Content-Encoding Content-Language Content-Length Content-Type Expires Last-Modified Link Location Retry-After Server WWW-Authenticate
$ telnet www.aoeu.com 80 HEAD /really-big-image.gif HTTP/1.0 User-Agent: NCSA Mosaic/1.0 (X11;SunOS 4.1.4 sun4m) HTTP/1.0 200 OK Server: NCSA/1.2 Date: Tue, 19 Apr 1994 09:43:00 GMT Content-Type: image/gif Content-Length: 1769082 $
$ telnet www.aoeu.com 80 POST /cgi-bin/jj.cgi HTTP/1.0 User-Agent: NCSA Mosaic/1.0 (X11;SunOS 4.1.4 sun4m) Content-Length: 72 Content-Type: application/x-www-form-urlencoded pwd=foo&sub=Big+John+Gourmet+Sub.... HTTP/1.0 200 OK <html> <head> <TITLE>Order Sent</TITLE> ...
Cookies aren't part of the HTTP specifications!
# Before cookies (~1994/1996) GET /forum/cats/?cid=92b135196c47afaa8496a64ab64aa8b2 # After cookies GET /forums/cats/ Cookie: cid=92b135196c47afaa8496a64ab64aa8b2 Server: NCSA/1.2 Date: Tue, 19 Apr 1994 09:43:00 GMT Set-Cookie: cid=df83af441843aaf15b83ebec82fb2c5a
Protocol developed at Netscape
SSLv2, Nov 1994
SSLv3, Nov 1995, RFC-6101 (eventually)
SSLeay 1995
OpenSSL fork, 1998
TLS 1.0 - 1999; TLS 1.1 - 2006; TLS 1.2 - 2008; TLS 1.3 - 2018
# Then $ (echo "GET /"; echo) | ssleay s_client -host www.aoeu.com -port 443 # Now $ printf "GET /\n\n" | openssl s_client -connect www.aoeu.com:443
Application Layer |
Presentation Layer |
Session Layer |
Transport Layer |
Network Layer |
Data Link Layer |
Physical Layer |
Application Layer | |
Presentation Layer | |
Session Layer | |
Transport Layer | TCP, UDP (source, dest, ports, etc) |
Network Layer | IP |
Data Link Layer | Ethernet frames, Token Ring, etc |
Physical Layer | Electrons+Copper, Photons+Fiber, RF, etc |
Application Layer | Everything Else |
Presentation Layer | |
Session Layer | |
Transport Layer | TCP, UDP (source, dest, ports, etc) |
Network Layer | IP |
Data Link Layer | Ethernet frames, Token Ring, etc |
Physical Layer | Electrons+Copper, Photons+Fiber, RF, etc |
Content |
TLS/SSL (hopefully) |
TCP |
IP |
Ethernet |
Physical Layer |
Improvements
Host
header
GET HEAD POST DELETE PUT PATCH LINK UNLINK CONNECT OPTIONS TRACE
GET HEAD POST DELETE PUT PATCH
REST - Representational State Transfer (2000) supplants SOAP
XMLHttpRequest enables AJAX (OWA 1999, Gmail 2004)
GET /first/item HTTP/1.1 REQUEST HEADERS RESPONSE HEADERS RESPONSE CONTENT GET /second/item HTTP/1.1 REQUEST HEADERS RESPONSE HEADERS RESPONSE CONTENT GET /third/item HTTP/1.1 ...
GET /first/item HTTP/1.1 FIRST REQUEST HEADERS GET /second/item HTTP/1.1 SECOND REQUEST HEADERS FIRST RESPONSE HEADERS FIRST RESPONSE CONTENT SECOND RESPONSE HEADERS SECOND RESPONSE CONTENT GET /third/item HTTP/1.1 THIRD REQUEST HEADERS ...
But may not be supported by server - would need to be retried.
Only safe on idempotent requests.
9 Bytes in length
Frame types include DATA, HEADERS, RST_STREAM, PUSH_PROMISE, GOAWAY
Client | <- | Stream 1 data |
Stream 3 headers |
Stream 5 data |
Stream 2 headers |
Stream 3 data |
Stream 3 data |
Server |
---|---|---|---|---|---|---|---|---|
Stream 7 headers |
-----> |
Binary framing doesn't play well with <= HTTP/1.1 servers.
Solution: upgrade from HTTP/1.1, or use TLS
GET /index.html HTTP/1.1 Connection: Upgrade, HTTP2-Settings Upgrade: h2c NORMAL_HEADERS_HERE HTTP2-Settings: <base64 headers settings blob> HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: h2c ...
So how did they solve the HOL problem?
So how did they solve the HOL problem?
The Google QUIC protocol now called gQUIC
QUIC is the generic secure UDP transport.
HTTP/3 is HTTP over QUIC.
Latest draft: 2019-04-23
Draft expires: 2019-10-25
https://tools.ietf.org/html/draft-ietf-quic-http-20
Personal | Work |
---|---|
Bri Hatch Onsight, Inc bri@ifokr.org |
Bri Hatch |
Copyright 2019, Bri Hatch, Creative Commons BY-NC-SA License