Networking Fundamentals Intermediate to Advanced +200 XP

HTTP/HTTPS

The HTTP Request/Response Model

HTTP (Hypertext Transfer Protocol) is the foundational protocol for data exchange on the web. It follows a simple **Stateless Request/Response** pattern between clients and servers:

  • Request Methods:
    GET: Retrieves data (should be idempotent).
    POST: Submits data to create resources.
    PUT/PATCH: Updates existing resources.
    DELETE: Removes resources.
  • Response Codes:
    2xx (Success): e.g. 200 OK, 201 Created.
    3xx (Redirections): e.g. 301 Moved Permanently, 304 Not Modified.
    4xx (Client Errors): e.g. 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found.
    5xx (Server Errors): e.g. 500 Internal Error, 502 Bad Gateway, 503 Service Unavailable.

HTTPS & The SSL/TLS Handshake

HTTPS is HTTP wrapped inside an encrypted **SSL/TLS** session. It prevents eavesdropping and tampering using public-key cryptography:

The TLS 1.3 Handshake (1 RTT):
  1. Client Hello: Client sends supported cipher suites and key share parameters.
  2. Server Hello & Key Exchange: Server responds with selected cipher, public key share, and digital certificate signed by a trusted CA.
  3. Derive Keys: Both derive symmetric session keys. All subsequent data exchange is fully encrypted.

Evolution of HTTP: HTTP/1.1 vs HTTP/2 vs HTTP/3

Understanding protocol enhancements is essential for network optimizations:

  • HTTP/1.1: Introduced persistent connections (keep-alive) but suffered from **Head-of-Line (HOL) blocking** (requests had to execute sequentially over a single socket).
  • HTTP/2: Multiplexed binary streams over a single TCP connection (parallel transfers), introduced HPACK header compression, and server push. HOL still occurred if TCP packet loss occurred.
  • HTTP/3: Replaced TCP transport with **QUIC** (UDP-based). It eliminates HOL blocking completely at the transport layer, allows rapid connection migration across networks, and integrates TLS 1.3 natively.