Skip to main content

HTTP, TLS, and Application Workshop

Retrieval Prompts

  1. Write the shape of an HTTP/1.1 request, header by header.
  2. Write the shape of an HTTP/1.1 response, with one header that sets body framing.
  3. Name the status classes (first digit) and what each class means.
  4. List the three properties TLS provides to the channel above it.
  5. Explain, in one sentence each, what HTTP/2 and HTTP/3 change relative to HTTP/1.1.

Compare and Distinguish

Separate these pairs clearly:

  • HTTP/1.1 pipelining versus HTTP/2 multiplexing
  • HTTP/2 over TCP versus HTTP/3 over QUIC
  • Content-Length versus Transfer-Encoding: chunked
  • TLS certificate versus TLS private key
  • symmetric crypto versus public-key crypto

Common Mistake Check

For each statement, identify the error:

  1. "HTTPS encrypts the URL."
  2. "HTTP/2 eliminates head-of-line blocking entirely."
  3. "A 500 means the user did something wrong."
  4. "PUT and POST are interchangeable."
  5. "TLS is just encryption -- authentication is a separate feature."

Status Code Design

For each scenario, pick the status code you would return. Justify in one sentence.

  1. The resource does not exist, but might in the future.
  2. The resource used to exist and has been permanently removed.
  3. The request is well-formed but the user is not authenticated.
  4. The request is well-formed and authenticated, but the user lacks permission.
  5. The server understood the request but cannot process it due to a bug.
  6. The request body is too large for the server to process.
  7. A dependency (database) is unreachable.

Reading a Real Exchange

Capture your own. Run:

curl -v https://example.com/ 2>&1 | tee http-exchange.txt

From the output, identify:

  1. The TLS handshake lines (look for SSL connection using).
  2. The request line and every request header.
  3. The status line and every response header.
  4. Where the response body starts.
  5. Whether the connection is kept alive after the response.

Then do it again with --http1.1, --http2, and (if available) --http3 and note differences in the banner and number of round trips.

TLS Handshake Walkthrough

Write out the TLS 1.3 handshake in your own words. At each step, say:

  1. Who sends the message.
  2. What information it carries that matters.
  3. What the other side can compute or verify after receiving it.

Then answer:

  • Why does TLS 1.3 need only one round trip, while TLS 1.2 needed two?
  • What does the certificate chain prove, and what does it not prove?

Evidence Check

This page is complete only if you can hand-write a minimal HTTP/1.1 request and response from memory and explain, at the level of what the bytes assert, why HTTPS is safer than HTTP.