Layered model
![](https://file.jishuzhan.net/article/1730841213570912257/451dc2bd7fd473c1ca32a390fa522758.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/df3bcb2acc2e23def138b14a468a937c.webp)
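TCP: Transmission Control Protocol
UDP: User Datagram Protocol
Four layers
Application layer: responsible for sending/receiving messages
Transport layer: responsible for splitting and reassembling; numbering is applied along the way
Network layer: TCP/UDP belong to the network layer; it does not check or process the numbering
Data link layer: Ethernet, network devices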
![](https://file.jishuzhan.net/article/1730841213570912257/407ea04c948e7ea94a068005106faeb2.webp)
TCP connection
A TCP connection needs a port in order to communicate
In Java this is done through Socket
![](https://file.jishuzhan.net/article/1730841213570912257/5e9c49a1c5fedb5a04381ec8707549cf.webp)
Receiving messages
![](https://file.jishuzhan.net/article/1730841213570912257/dbca418aa568fac5fcc84d2590e2c7e9.webp)
Sending
![](https://file.jishuzhan.net/article/1730841213570912257/dcc794572b13cf88ac2bca3fdf0457e6.webp)
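Connection establishment:
HTTP can only be used once the connection has been established
Three-way handshake, four-way teardown
send -> respond -> send
Connection close:
Saves resources; otherwise the connection keeps occupying resources
client sends close - server sends - server sends close - client sends close
Long-lived connection:
Implementation: heartbeat, sending a message over the TCP connection within a set time interval
HTTPS: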
![](https://file.jishuzhan.net/article/1730841213570912257/9e90b581d263f2793dd2aa10a42edec6.webp)
SSL: Secure Sockets Layer
HTTP + SSL/TLS
SSL/TLS provides support at the lower layer, adding a security layer beneath HTTP
![](https://file.jishuzhan.net/article/1730841213570912257/e4e776937fb0f9d93b32554548f1f352.webp)
It wraps HTTP in one more layer
HTTPS is not a protocol in itself
![](https://file.jishuzhan.net/article/1730841213570912257/05bd5321c7121ef59e7c14104b4fa9f8.webp)
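Asymmetric encryption adds latency and is slow, which hurts performance
In the initial phase, the asymmetric-encryption keys are negotiated
HTTPS establishment:
HTTP establishes the connection through TLS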
![](https://file.jishuzhan.net/article/1730841213570912257/e024eaaa27e035fb231d4ac879339988.webp)
Negotiate using asymmetric encryption, then
![](https://file.jishuzhan.net/article/1730841213570912257/eb4f3794a5e616c714acac28061c7e03.webp)
Connection establishment process
![](https://file.jishuzhan.net/article/1730841213570912257/50c5277dc933f87bcae15c3501c9b3b6.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/5ab036df931a92c08b6ae55950774de6.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/b92854cdcf19261b0dea395b32de9d02.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/ee2fa212cea73f4e21829e1927f2ed3c.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/02a6b24a3505de57ed2f07578c85e541.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/b48876b8bf2985fd7ad4bf6aaf8042f4.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/62379b4aecdc8c942b5ab03a78d2f80d.webp)
The random numbers are used for data encryption
![](https://file.jishuzhan.net/article/1730841213570912257/6c67394107c120be361944f175604a70.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/d6db6b7737d761d62f1971de5acf871e.webp)
The data is sent encrypted with the server's public key
![](https://file.jishuzhan.net/article/1730841213570912257/9bd9502acb74bf0e83fabaadc1beb73d.webp)
Signature computed with a hash
![](https://file.jishuzhan.net/article/1730841213570912257/f760868b588a5b9ce807c5310224c3ab.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/63cbe57f12ada2eb1a165cb8545346ee.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/a548772f32596829afdaf8d99345d05a.webp)
Root certificate: usually a certificate that belongs to the operating system
![](https://file.jishuzhan.net/article/1730841213570912257/bca1a291dcb42b547f281d6752fd8ce6.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/067356ddc5c72f8ec2d81ed1e019291c.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/277fa38efd6260507fb604fa8d8a8203.webp)
Verify that the certificate is legitimate, and verify information such as the server's hostname and region
![](https://file.jishuzhan.net/article/1730841213570912257/66c003d17986ed9adcb0f68f3d8ccf00.webp)
4. Random number; send encrypted data
![](https://file.jishuzhan.net/article/1730841213570912257/e352e4eb9f5b9c7e2517da9332c799a7.webp)
The client and server random numbers are combined with the pre-master to prevent replay attacks and man-in-the-middle attacks
![](https://file.jishuzhan.net/article/1730841213570912257/b860c2d6193834f42ae3bbf745fd0160.webp)
At this step, communication can use symmetric encryption
![](https://file.jishuzhan.net/article/1730841213570912257/8ad9dee521378e9df637fa561154d677.webp)
MAC Secret = HMAC fingerprint: hash-based message authentication, computed with a hash algorithm
![](https://file.jishuzhan.net/article/1730841213570912257/2e1779a8b8cb1f9d75ec2a448cbf850c.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/8f65c79f5bffd6ac265eeeec6b458209.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/8d4ec3f9d2f0b69aeb0754e4292e6bba.webp)
![](https://file.jishuzhan.net/article/1730841213570912257/54d84f7b9da2054bc2decf4ed6e18670.webp)
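The notes above say that the client and server random numbers are mixed with the pre-master to stop replay, and that a MAC secret (HMAC) authenticates each message. The following is an added example, not code from the original notes: it assumes the TLS 1.2 key schedule from RFC 5246 and an AES-128-CBC/HMAC-SHA256 suite, and every key, random and payload in it is a constructed sample value.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5: stretch secret + seed to `length` bytes."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Pre-master + both randoms -> master secret -> per-session MAC and cipher keys."""
    master = p_sha256(pre_master, b"master secret" + client_random + server_random, 48)
    # Assumed suite: AES-128-CBC with HMAC-SHA256 (two 32-byte MAC keys, two 16-byte keys).
    block = p_sha256(master, b"key expansion" + server_random + client_random, 96)
    return {"master": master,
            "client_mac": block[0:32], "server_mac": block[32:64],
            "client_key": block[64:80], "server_key": block[80:96]}

def record_mac(mac_key: bytes, seq: int, content_type: int, payload: bytes) -> bytes:
    """HMAC over sequence number, record header and payload (TLS 1.2 record MAC)."""
    header = seq.to_bytes(8, "big") + bytes([content_type]) + b"\x03\x03"
    header += len(payload).to_bytes(2, "big")
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()

def verify_record(mac_key, seq, content_type, payload, tag) -> bool:
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(record_mac(mac_key, seq, content_type, payload), tag)

def demo() -> dict:
    # Constructed sample values, not captured from any real handshake.
    pre_master = b"\x03\x03" + bytes(range(46))
    client_random = bytes([0xC1]) * 32
    session1 = derive_keys(pre_master, client_random, bytes([0x51]) * 32)
    # A replayed handshake meets a fresh server random, so every derived key changes.
    session2 = derive_keys(pre_master, client_random, bytes([0x52]) * 32)
    payload = b"GET /transfer?amount=100 HTTP/1.1\r\n\r\n"
    tag = record_mac(session1["client_mac"], 0, 23, payload)  # 23 = application_data
    return {
        "accepted_in_session1": verify_record(session1["client_mac"], 0, 23, payload, tag),
        "replayed_into_session2": verify_record(session2["client_mac"], 0, 23, payload, tag),
        "replayed_within_session1": verify_record(session1["client_mac"], 1, 23, payload, tag),
        "tampered_payload": verify_record(session1["client_mac"], 0, 23, payload + b"0", tag),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Only the first check passes: the record is rejected in a session with a different server random, at a later sequence number in the same session, and after any change to the payload.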