HTTPS有状态还是无状态? [英] Is HTTPS Stateful or Stateless?
问题描述
我想要澄清HTTPS是有状态还是无状态?这是关于我构建的RESTful API。我们最初使用的是HTTP。由于HTTP本质上是在无状态的TCP / IP上工作,因此HTTP是无状态的,但是当我切换到HTTPS时,我的API变为有状态。我想知道我的结论是HTTPS是有状态的。是对还是不对?
我使用名为webMethods的中间件工具创建了我的API。
谢谢
I want a bit of clarity on whether HTTPS is stateful or stateless? This is with regards to a RESTful API I built. We were initially using HTTP. Since HTTP essentially works over TCP/IP which is stateless hence HTTP is stateless, but when I switched to HTTPS my API became stateful. I wanted to know whether my conclusion that HTTPS is stateful. is correct or not? I created my API using a middleware tool called webMethods. Thanks
推荐答案
TLS / SSL是有状态的。 Web服务器和客户端(浏览器)缓存包含加密密钥的会话以提高性能,并为每个请求执行不执行密钥交换。
TLS/SSL is stateful. The web server and the client (browser) cache the session including the cryptographic keys to improve performance and do not perform key exchange for every request.
HTTP 1没有状态。 HTTP / 2确实有一些有状态组件,但应用程序层仍然是无状态的。
HTTP 1 is not stateful. HTTP/2 however does have a few stateful components, but the "application layer" still remains stateless.
TL; DR:传输管道(TLS)是有状态的,而HTTP则不是。
TL;DR: The transport pipe (TLS) is stateful, HTTP is not.
附加说明:Cookie和其他有状态机制是后来在单独的RFC中定义的添加内容。它们不是原始 HTTP / 1.0 规范的一部分,并且未在 HTTP 1.1 RFC 。 HTTP 1被认为是无状态的,尽管在实践中我们使用标准化的有状态机制。 HTTP / 2在其标准中定义了有状态组件,因此是有状态的。特定的HTTP / 2应用程序可以使用HTTP / 2功能的子集来维护无状态。
Additional note: Cookies and other stateful mechanisms are later additions defined in separate RFC's. They are not part of the original HTTP/1.0 specification and are not mentioned in the HTTP 1.1 RFC. HTTP 1 is said to be stateless although in practice we use standardized stateful mechanisms. HTTP/2 defines stateful components in its standard and is therefore stateful. A particular HTTP/2 application can use a subset of HTTP/2 features to maintain statelessness.
这篇关于HTTPS有状态还是无状态?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
