Geek Answers Handbook

What is the minimum possible request for http and https data

Suppose I want to GET one byte from the server using the http protocol, and I want to minimize everything without headers http://myserver.com/b where b is a text file with one character in it, or even better b - just one character (not sure if this is possible). Is there a way to do this with apache and what is the minimum amount of data that is required for full http and full https transactions? Alternatively, a transaction can only be completed with a chapter request, if it is more efficient.

+7
source share
3 answers

What exactly are you trying to achieve, is it something like a sequel?

You can do "GET /", which implies using HTTP / 1.0, but this blocks you from things like shared hosting, etc. You can match the "/" with a cgi- script, it should not be a real file, depending on what you are trying to achieve. You can only configure Apache to return a minimum set of headers, which will basically be "Content-Type: text / plain" (or another, shorter mime type, possibly a custom mimetype type, such as "Content-Type: a / b") Content-Length: 0 ", thereby not returning the response body.

+4
source

If you plan to use HTTP / 1.1 (more or less required if you go to a virtual host), your GET request must have a host name, either in the Host header or as an absolute URI in the query string (see RFC 2616 section 5.1.2 )

Your answer will also require Content-Length or pass the encoding headers and delimiters .

If you want to β€œsmash” HTTP with a HEAD request, it looks like HTTP may not be the best protocol choice. You can also return something to the custom header, but this is not a clean way to do this.

Please note that even if you implement your own protocol, you will need to implement a mechanism similar to that provided by Content-Length or encoded coding to determine when to stop reading from the far side (otherwise you won "Unable to detect poorly closed connections. "

EDIT:

Here is a quick example, it will depend on your hostname (assuming HTTP 1.1). I think you could use OPTIONS . It depends on how ready you are to break HTTP ...

Request:

 GET / HTTP/1.1 Host: www.example.com

This is 14 + 2 + 21 + 2 + 2 = 41 bytes (2 for CRLF)

Answer:

 HTTP/1.1 200 OK Content-Length: 1 Content-Type: text/plain a

This is 15 + 2 + 17 + 2 + 24 + 2 + 2 + 1 = 65 bytes

For HTTPS there will be small overhead for the SSL / TLS channel itself, but the bulk of it will be taken by handshakes, in particular, the server certificate (provided that you do not use client-certificate authentication) should be the largest. Check the size (in DER format) of your certificate.

+4
source

This is an old question, but maybe someone found it useful because no one answered the HTTPS question question.

For me, this was necessary to simply check the HTTPS connection in my proxy server, which connects unreliable other proxies through the tunnel.

This site clearly explains: http://netsekure.org/2010/03/tls-overhead/

Quotes from the article:

One thing to keep in mind will affect the calculation - the variable size of most messages. The variable nature will not allow you to calculate the exact value, but taking some reasonable average values ​​for variable fields, you can get a good approximation of overhead costs. Now skip all the messages and consider their sizes.

  • ClientHello - the average size of the initial client greeting is from 160 to 170 bytes. It will depend on the number of ciphers sent by the client, as well as the number of TLS ClientHello extensions. If session renewal is used, an additional 32 bytes must be added for the session identifier field.
  • ServerHello - This message is slightly more static than ClientHello, but still variable in size due to TLS extensions. The average size is from 70 to 75 bytes. -Certificate is the message that is most different between different servers. The message contains the server certificate, as well as all intermediate certificates of the issuer in the certificate chain (minus the root certificate). Since certificate sizes vary greatly based on the parameters and keys used, I would use an average of 1,500 bytes per certificate (self-signed certificates can be as high as 800 bytes). Another variable is the length of the certificate chain to the root certificate. To be on the more conservative side of what is on the Internet, you can accept 4 certificates in a chain. In general, this gives us about 6 thousand. For this message.
  • ClientKeyExchange - allows you to reuse the most widely used RSA server certificate. This corresponds to a size of 130 bytes for this message.
  • ChangeCipherSpec - fixed size 1 (technically not a handshake)
  • Finished - depending on whether SSLv3 or TLS is used, the size changes quite a bit - 36 and 12 bytes, respectively. Most implementations nowadays support TLSv1.0 at least, so it can be assumed that TLS will be used, and therefore the size will be 12 bytes.

Thus, the minimum can be as large (or small) as:

 20 + 28 + 170 + 75 + 800 + 130 + 2*1 + 2*12 β‰ˆ 1249

Although, according to the article, the average value is about 6449 bytes.

It is also important to know that TLS sessions can be resumed, so only one connection has this overhead. All other messages have about 330 bytes plus.

0
source

More articles:


All Articles