# HTTP and HTTPS

## Overview

HTTP (HyperText Transfer Protocol) is the application-layer protocol that clients and servers use to exchange data on the web. HTTPS is HTTP with TLS/SSL encryption added to strengthen its security.

Difficulty: ★★★

Learning objectives:
- Understand the structure of HTTP requests and responses
- Know the HTTP methods and status codes
- Understand the differences between HTTP versions
- Understand how HTTPS and TLS/SSL work
## Table of Contents

- HTTP Basics
- HTTP Methods
- HTTP Status Codes
- HTTP Headers
- HTTP Version Comparison
- HTTPS and TLS/SSL
- Certificates
- Exercises
- Next Steps
- References
## 1. HTTP Basics

### HTTP communication model

```
+------------------+                                    +------------------+
|     Client       |                                    |      Server      |
|    (browser)     |                                    |   (web server)   |
+------------------+                                    +------------------+
|                  | ---- HTTP request ---------------> |                  |
|  GET /index      |   (method, URL, headers, body)     |  Nginx           |
|                  |                                    |  Apache          |
|                  | <--- HTTP response --------------- |                  |
|  HTML page       |   (status code, headers, body)     |                  |
+------------------+                                    +------------------+
         |                                                       |
         |            TCP connection (default port 80)           |
         +-------------------------------------------------------+
```
### HTTP characteristics

| Characteristic | Description |
|---|---|
| Connectionless | The connection is closed after each request/response (HTTP/1.0) |
| Stateless | Each request is independent; no previous state is kept |
| Text-based | Human-readable format |
| Request-response | The client sends a request, the server returns a response |
### HTTP request structure

```
+-----------------------------------------------------------+
| Request line                                              |
+-----------------------------------------------------------+
| GET /api/users HTTP/1.1                                   |
| ^^^ ^^^^^^^^^^ ^^^^^^^^                                   |
| method   URI    version                                   |
+-----------------------------------------------------------+
| Headers                                                   |
+-----------------------------------------------------------+
| Host: api.example.com                                     |
| User-Agent: Mozilla/5.0                                   |
| Accept: application/json                                  |
| Content-Type: application/json                            |
| Authorization: Bearer eyJhbGciOiJ...                      |
+-----------------------------------------------------------+
| Empty line (CRLF)                                         |
+-----------------------------------------------------------+
| Body (optional)                                           |
+-----------------------------------------------------------+
| {"name": "John", "email": "john@example.com"}             |
+-----------------------------------------------------------+
```
### HTTP response structure

```
+-----------------------------------------------------------+
| Status line                                               |
+-----------------------------------------------------------+
| HTTP/1.1 200 OK                                           |
| ^^^^^^^^ ^^^ ^^                                           |
| version  status code  reason phrase                       |
+-----------------------------------------------------------+
| Headers                                                   |
+-----------------------------------------------------------+
| Content-Type: application/json                            |
| Content-Length: 128                                       |
| Date: Mon, 27 Jan 2026 10:30:00 GMT                       |
| Server: nginx/1.24.0                                      |
| Cache-Control: no-cache                                   |
+-----------------------------------------------------------+
| Empty line (CRLF)                                         |
+-----------------------------------------------------------+
| Body                                                      |
+-----------------------------------------------------------+
| {"id": 1, "name": "John", "status": "active"}             |
+-----------------------------------------------------------+
```
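The request structure described above, as a small parser. This is an added example, not code from the page: it splits a raw HTTP/1.1 message into request line, header fields, the empty CRLF line and the body (sized by Content-Length), and reports framing violations as `BadRequest`, the condition a server answers with 400. The method set, the `HttpRequest` type and the sample request bytes are this example's own constructions.

```python
"""Minimal HTTP/1.1 request-message parser.

Added example (not code from the page): it splits a raw request into the
parts the request-structure diagram shows: request line, header fields, the
empty CRLF line, and an optional body whose length is taken from
Content-Length. Malformed input is reported as BadRequest, the condition a
server answers with 400. The sample request at the bottom is constructed.
"""
from dataclasses import dataclass, field

# Methods listed in this page's method table.
KNOWN_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE",
                 "HEAD", "OPTIONS", "TRACE", "CONNECT"}


class BadRequest(ValueError):
    """The message violates the HTTP/1.1 framing rules (-> 400 Bad Request)."""


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict = field(default_factory=dict)  # lower-cased names -> values
    body: bytes = b""


def parse_request(raw: bytes) -> HttpRequest:
    # The head (request line + headers) ends at the first empty line.
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("no empty line terminating the headers")
    lines = head.split(b"\r\n")

    # Request line: method SP request-target SP HTTP-version
    try:
        parts = lines[0].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII byte in request line") from None
    if (len(parts) != 3 or parts[0] not in KNOWN_METHODS
            or not parts[2].startswith("HTTP/")):
        raise BadRequest(f"malformed request line: {lines[0]!r}")
    method, target, version = parts

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # "Name: value"; no whitespace is allowed between the name and the colon.
        if not colon or not name or name != name.strip():
            raise BadRequest(f"malformed header line: {line!r}")
        name, value = name.lower(), value.strip()
        # Two different Content-Length values make the body length ambiguous;
        # RFC 7230 says such a message must be rejected rather than guessed at.
        if name == "content-length" and headers.get(name, value) != value:
            raise BadRequest("conflicting Content-Length values")
        headers[name] = value

    # HTTP/1.1 makes the Host header mandatory.
    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 request without Host header")

    body = b""
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise BadRequest("Content-Length is not a non-negative integer")
        length = int(headers["content-length"])
        if len(rest) < length:
            raise BadRequest("body is shorter than Content-Length")
        body = rest[:length]
    return HttpRequest(method, target, version, headers, body)


def rejects(raw: bytes) -> bool:
    """True if parse_request refuses the message (handy for checks and tests)."""
    try:
        parse_request(raw)
    except BadRequest:
        return True
    return False


# Constructed sample, matching the request diagram above.
SAMPLE_REQUEST = (
    b"POST /api/users HTTP/1.1\r\n"
    b"Host: api.example.com\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Length: 45\r\n"
    b"\r\n"
    b'{"name": "John", "email": "john@example.com"}'
)

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req.method, req.target, req.version)
    print(req.headers)
    print(req.body.decode())
```

The parser is strict on purpose: a missing Host header on HTTP/1.1, whitespace before a header colon, a body shorter than Content-Length, or two Content-Length fields that disagree all end in a 400 rather than a guess, which is the behaviour you want from anything that sits in front of an application.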
### Inspecting HTTP requests with curl

```bash
# Basic GET request
curl http://example.com

# Print the response headers together with the body
curl -i http://example.com

# Verbose: show the request and response in detail
curl -v http://example.com

# Headers only (HEAD request)
curl -I http://example.com

# JSON POST request
curl -X POST http://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"name": "John"}'
```
## 2. HTTP Methods

### Main HTTP methods

| Method | Description |
|---|---|
| GET | Retrieve a resource (read) |
| POST | Create a resource (write) |
| PUT | Replace a resource entirely |
| PATCH | Modify part of a resource |
| DELETE | Delete a resource |
| HEAD | Retrieve headers only (no body) |
| OPTIONS | Discover the supported methods |
| TRACE | Loopback test (debugging) |
| CONNECT | Open a tunnel through a proxy |
### Method properties

| Method | Safe | Idempotent | Cacheable |
|---|---|---|---|
| GET | O | O | O |
| HEAD | O | O | O |
| OPTIONS | O | O | X |
| POST | X | X | Conditional |
| PUT | X | O | X |
| DELETE | X | O | X |
| PATCH | X | X | X |

* Safe: does not change server state
* Idempotent: executing it several times gives the same result as once
* Cacheable: the response may be cached
### GET vs POST

| Aspect | GET | POST |
|---|---|---|
| Purpose | Retrieve data | Send/create data |
| Where the data goes | URL query string | Request body |
| Data size | Limited by URL length (~2KB) | No limit |
| Caching | Possible | Not by default |
| Security | Exposed in the URL | Relatively safer |
| Bookmarkable | Yes | No |
### Using the methods in a RESTful API

| Operation | Method | Endpoint | Description |
|---|---|---|---|
| List | GET | /api/users | Retrieve all users |
| Read one | GET | /api/users/1 | Retrieve the user with ID=1 |
| Create | POST | /api/users | Create a new user |
| Replace | PUT | /api/users/1 | Update the whole user |
| Partial update | PATCH | /api/users/1 | Update part of the user |
| Delete | DELETE | /api/users/1 | Delete the user |
### Example requests per method

```bash
# GET - retrieve resources
curl -X GET "http://api.example.com/users?page=1&limit=10"

# POST - create a resource
curl -X POST http://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Hong Gildong",
    "email": "hong@example.com"
  }'

# PUT - replace a resource
curl -X PUT http://api.example.com/users/1 \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Hong Gildong",
    "email": "hong.new@example.com",
    "status": "active"
  }'

# PATCH - partial update
curl -X PATCH http://api.example.com/users/1 \
  -H "Content-Type: application/json" \
  -d '{"status": "inactive"}'

# DELETE - delete
curl -X DELETE http://api.example.com/users/1

# HEAD - headers only
curl -I http://api.example.com/users/1

# OPTIONS - discover the supported methods
curl -X OPTIONS http://api.example.com/users
```
## 3. HTTP Status Codes

### Status code classes

| Class | Range | Meaning |
|---|---|---|
| 1xx | 100-199 | Informational: still processing |
| 2xx | 200-299 | Success: the request succeeded |
| 3xx | 300-399 | Redirection: further action is needed |
| 4xx | 400-499 | Client error |
| 5xx | 500-599 | Server error |
### 1xx - Informational responses

| Code | Name | Description |
|---|---|---|
| 100 | Continue | The client may continue sending the request |
| 101 | Switching Protocols | Protocol switch (e.g. WebSocket) |
| 102 | Processing | Processing in progress (WebDAV) |
### 2xx - Success responses

| Code | Name | Description | Typical use |
|---|---|---|---|
| 200 | OK | Request succeeded | Successful GET |
| 201 | Created | Resource created | Successful POST |
| 202 | Accepted | Request accepted (asynchronous processing) | Asynchronous jobs |
| 204 | No Content | Success, no response body | Successful DELETE |
| 206 | Partial Content | Part of the content | Range requests |
### 3xx - Redirection

| Code | Name | Description | Cached |
|---|---|---|---|
| 301 | Moved Permanently | Permanent move | Cached |
| 302 | Found | Temporary move | Not cached |
| 303 | See Other | Another location (follow with GET) | Not cached |
| 304 | Not Modified | Unchanged (use the cached copy) | - |
| 307 | Temporary Redirect | Temporary move (method preserved) | Not cached |
| 308 | Permanent Redirect | Permanent move (method preserved) | Cached |
### 4xx - Client errors

| Code | Name | Description |
|---|---|---|
| 400 | Bad Request | Malformed request (syntax error) |
| 401 | Unauthorized | Authentication required |
| 403 | Forbidden | Access denied (no permission) |
| 404 | Not Found | Resource does not exist |
| 405 | Method Not Allowed | Method not allowed for this resource |
| 408 | Request Timeout | Request timed out |
| 409 | Conflict | Conflict (e.g. concurrent modification) |
| 413 | Payload Too Large | Request body too large |
| 414 | URI Too Long | URI too long |
| 415 | Unsupported Media Type | Media type not supported |
| 422 | Unprocessable Entity | Entity cannot be processed |
| 429 | Too Many Requests | Request limit exceeded (rate limit) |
### 5xx - Server errors

| Code | Name | Description |
|---|---|---|
| 500 | Internal Server Error | Internal server error |
| 501 | Not Implemented | Not implemented |
| 502 | Bad Gateway | Gateway error |
| 503 | Service Unavailable | Service unavailable |
| 504 | Gateway Timeout | Gateway timed out |
### Status code decision flow

```
                 +--------------+
                 | HTTP request |
                 +------+-------+
                        |
                 +------v-------+
                 |   validate   |
                 |  the request |
                 +------+-------+
                        |
        +---------------+---------------+
        |               |               |
 +------v------+ +------v------+ +------v------+
 |   syntax    | |  authenti-  | |  authori-   |
 |   error     | |  cation     | |  sation     |
 +------+------+ +------+------+ +------+------+
        |               |               |
 +------v------+ +------v------+ +------v------+
 |    400      | |    401      | |    403      |
 | Bad Request | | Unauthorized| |  Forbidden  |
 +-------------+ +-------------+ +-------------+

                 +--------------+
                 |  look up the |
                 |   resource   |
                 +------+-------+
                        |
        +---------------+---------------+
        |               |               |
 +------v------+ +------v------+ +------v------+
 |  resource   | |   success   | |   server    |
 |  missing    | |             | |   error     |
 +------+------+ +------+------+ +------+------+
        |               |               |
 +------v------+ +------v------+ +------v------+
 |    404      | |    200      | |    500      |
 |  Not Found  | |     OK      | |  Internal   |
 +-------------+ +-------------+ +-------------+
```
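The decision flow above, as a small request dispatcher. This is an added example, not code from the page: each check in the flowchart maps to one status code, with 405 taken from the 4xx table and 204 for a successful DELETE taken from the 2xx table. The route, the bearer tokens, the roles and the user records are constructed for the example.

```python
"""Request dispatcher following the status-code flowchart above.

Added example (not code from the page). Each decision in the chart maps to
one status code: malformed target -> 400, unsupported method -> 405, no valid
credential -> 401, insufficient permission -> 403, unknown resource -> 404,
success -> 200 (GET) or 204 (DELETE), any unexpected failure -> 500.
Tokens and user records are constructed samples.
"""
import re

# Constructed sample data: bearer token -> (user, role), and the user store.
TOKENS = {"token-admin": ("alice", "admin"), "token-reader": ("bob", "reader")}
USERS = {1: {"id": 1, "name": "John", "status": "active"}}

ROUTE = re.compile(r"^/api/users/(\d+)$")
SUPPORTED_METHODS = ("GET", "DELETE")


def handle(method, path, headers, users=USERS):
    """Return (status_code, body) for a request to /api/users/{id}."""
    try:
        # 1. Request validation: does the target have a shape we understand?
        m = ROUTE.match(path)
        if m is None:
            return 400, {"error": "Bad Request"}
        if method not in SUPPORTED_METHODS:
            return 405, {"error": "Method Not Allowed", "allow": list(SUPPORTED_METHODS)}

        # 2. Authentication: who is calling? (missing/invalid credential -> 401)
        scheme, _, token = headers.get("authorization", "").partition(" ")
        identity = TOKENS.get(token) if scheme == "Bearer" else None
        if identity is None:
            return 401, {"error": "Unauthorized"}
        _, role = identity

        # 3. Authorisation: may this caller perform this action? (-> 403)
        if method == "DELETE" and role != "admin":
            return 403, {"error": "Forbidden"}

        # 4. Resource lookup (-> 404 when absent)
        user_id = int(m.group(1))
        record = users.get(user_id)
        if record is None:
            return 404, {"error": "Not Found"}

        # 5. Success: 200 with a body for GET, 204 without a body for DELETE
        if method == "DELETE":
            del users[user_id]
            return 204, {}
        return 200, record
    except Exception:
        # 6. Anything unexpected (backend failure, bug) is a server error.
        # The body stays generic so internal details are not leaked to the client.
        return 500, {"error": "Internal Server Error"}


if __name__ == "__main__":
    for method, path, hdrs in [
        ("GET", "/api/users/1", {"authorization": "Bearer token-reader"}),
        ("GET", "/api/users/1", {}),
        ("DELETE", "/api/users/1", {"authorization": "Bearer token-reader"}),
        ("GET", "/api/users/99", {"authorization": "Bearer token-reader"}),
    ]:
        print(method, path, "->", handle(method, path, hdrs))
```

Note the order: syntax and method checks come before authentication, authentication before authorisation, and the resource lookup last, so an unauthenticated caller learns nothing about which IDs exist. Passing `users=None` stands in for a backend that is down, which is how the 500 branch is exercised.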
## 4. HTTP Headers

### Header categories

| Category | Description |
|---|---|
| General headers | Used in both requests and responses (Date, Connection, ...) |
| Request headers | Client information (Host, User-Agent, ...) |
| Response headers | Server information (Server, Set-Cookie, ...) |
| Entity headers | Body information (Content-Type, Content-Length, ...) |
### Main request headers

| Header | Description | Example |
|---|---|---|
| Host | Requested host | Host: api.example.com |
| User-Agent | Client information | User-Agent: Mozilla/5.0 |
| Accept | Desired response format | Accept: application/json |
| Accept-Language | Preferred language | Accept-Language: ko-KR,ko;q=0.9 |
| Accept-Encoding | Supported encodings | Accept-Encoding: gzip, deflate |
| Authorization | Credentials | Authorization: Bearer token123 |
| Cookie | Cookies sent to the server | Cookie: session_id=abc123 |
| Content-Type | Request body format | Content-Type: application/json |
| Content-Length | Request body size | Content-Length: 256 |
| Referer | URL of the previous page | Referer: https://google.com |
| Origin | Origin of the request | Origin: https://example.com |
### Main response headers

| Header | Description | Example |
|---|---|---|
| Content-Type | Response body format | Content-Type: text/html; charset=utf-8 |
| Content-Length | Response body size | Content-Length: 1024 |
| Content-Encoding | Compression method | Content-Encoding: gzip |
| Cache-Control | Cache control | Cache-Control: max-age=3600 |
| Expires | Expiry time | Expires: Wed, 27 Jan 2027 10:00:00 GMT |
| ETag | Resource version identifier | ETag: "abc123" |
| Last-Modified | Last modification time | Last-Modified: Mon, 01 Jan 2026 00:00:00 GMT |
| Set-Cookie | Set a cookie | Set-Cookie: id=abc; HttpOnly; Secure |
| Location | Redirect target | Location: https://example.com/new |
| Server | Server information | Server: nginx/1.24.0 |
### Security-related headers

| Header | Description |
|---|---|
| Strict-Transport-Security (HSTS) | Enforce HTTPS |
| X-Content-Type-Options | Prevent MIME sniffing |
| X-Frame-Options | Prevent clickjacking |
| X-XSS-Protection | Enable the XSS filter |
| Content-Security-Policy (CSP) | Content security policy |
| Access-Control-Allow-Origin | Allowed CORS origin |
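A checker for the headers in the table above, as an added example that is not code from the page. Given a response's header map it reports headers that are missing or weakly set. The one-year HSTS threshold is an assumption taken from common deployment guidance, not a value from the page, and both sample header sets are constructed.

```python
"""Audit a response's security headers against the table above.

Added example (not code from the page). Given a response header map it
reports headers that are missing or weakly set. The two sample header sets
at the bottom are constructed; the one-year HSTS threshold is an assumption
based on common deployment guidance, not a value from the page.
"""

ONE_YEAR = 365 * 24 * 3600


def hsts_max_age(value):
    """Extract max-age from an HSTS value such as 'max-age=63072000; includeSubDomains'."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and arg.strip().isdigit():
            return int(arg.strip())
    return 0


def audit_security_headers(headers):
    """Return a list of findings; an empty list means nothing was flagged."""
    # Header names are case-insensitive in HTTP, so normalise before looking them up.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing: browsers are not told to insist on HTTPS")
    elif hsts_max_age(hsts) < ONE_YEAR:
        findings.append("Strict-Transport-Security max-age is shorter than one year")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing: browsers may MIME-sniff responses")

    csp = h.get("content-security-policy", "")
    frame_option = h.get("x-frame-options", "").upper()
    if frame_option not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("No clickjacking protection: set X-Frame-Options or a CSP frame-ancestors directive")

    if not csp:
        findings.append("Content-Security-Policy missing: no restriction on where scripts may load from")

    if h.get("access-control-allow-origin") == "*":
        findings.append("Access-Control-Allow-Origin: * lets any origin read this response")

    return findings


# Constructed samples: a bare response and a hardened one.
WEAK_RESPONSE = {"Content-Type": "text/html; charset=utf-8", "Server": "nginx/1.24.0"}
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_security_headers(resp) or ["OK"])
```

The checker deliberately does not require X-XSS-Protection: current Chromium-based browsers have removed the filter that header controlled, and a Content-Security-Policy is what restricts script sources today. Run it against the headers `curl -I` prints for your own site to see which rows of the table are actually in place.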
### Caching-related headers

```
[Client]                                            [Server]
   |                                                    |
   |---- GET /image.png ------------------------------->|
   |                                                    |
   |<--- 200 OK ----------------------------------------|
   |     Cache-Control: max-age=3600                    |
   |     ETag: "abc123"                                 |
   |     Last-Modified: Mon, 01 Jan...                  |
   |                                                    |
[stored in cache]                                       |
   |                                                    |
   |---- GET /image.png ------------------------------->|
   |     If-None-Match: "abc123"                        |
   |                                                    |
   |<--- 304 Not Modified ------------------------------|
   |     (no body; the cached copy is used)             |
```
### Cache-Control directives

| Directive | Description |
|---|---|
| no-store | Must not be stored in any cache |
| no-cache | May be stored, but must be revalidated before use |
| max-age=N | Fresh for N seconds |
| s-maxage=N | Fresh for N seconds in shared caches |
| private | Only private (per-user) caches may store it |
| public | Shared caches may store it |
| must-revalidate | Must be revalidated once stale |
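The caching flow and the directive table above, worked through in code. This is an added example, not code from the page: `parse_cache_control()` turns a header value into a directive map, `cache_decision()` tells a cache whether a stored copy is still fresh, needs revalidation, or must not be stored at all (distinguishing private from shared caches), and `revalidate()` builds the `If-None-Match` request and the 304/200 answer from the diagram. The stored response and the timestamps are constructed.

```python
"""Cache-Control parsing and the freshness decision from the caching flow above.

Added example (not code from the page). parse_cache_control() turns a header
value into a directive map; cache_decision() tells a cache whether a stored
response may be served as-is, must be revalidated with the server first, or
must not be stored at all; revalidate() builds the If-None-Match request and
the 304/200 answer. The stored response and times below are constructed.
"""


def parse_cache_control(value):
    """'max-age=3600, private' -> {'max-age': 3600, 'private': True}."""
    directives = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        name = name.lower()
        arg = arg.strip().strip('"')
        if name in ("max-age", "s-maxage"):
            if arg.isdigit():              # a non-numeric age is ignored, not trusted
                directives[name] = int(arg)
        else:
            directives[name] = arg if arg else True
    return directives


def cache_decision(response_headers, stored_at, now, shared_cache=False):
    """Return 'no-store', 'fresh' or 'revalidate' for a response stored at `stored_at` (seconds)."""
    cc = parse_cache_control(response_headers.get("Cache-Control", ""))
    if "no-store" in cc:
        return "no-store"            # must not be kept at all
    if shared_cache and "private" in cc:
        return "no-store"            # private responses belong in a single user's cache only
    if "no-cache" in cc:
        return "revalidate"          # may be stored, but must be checked before every use

    # s-maxage overrides max-age for shared caches (CDNs, proxies).
    if shared_cache and "s-maxage" in cc:
        lifetime = cc["s-maxage"]
    elif "max-age" in cc:
        lifetime = cc["max-age"]
    else:
        return "revalidate"          # no explicit lifetime: do not guess, ask the server
    age = now - stored_at
    return "fresh" if age < lifetime else "revalidate"


def revalidate(stored_headers, current_etag):
    """Conditional request for a stored response, and the status the server would return."""
    request_headers = {"If-None-Match": stored_headers["ETag"]}
    # Same ETag -> 304 Not Modified with no body; otherwise a full 200 response.
    status = 304 if request_headers["If-None-Match"] == current_etag else 200
    return request_headers, status


# Constructed sample: the 200 OK response from the diagram above.
STORED_RESPONSE = {
    "Cache-Control": "max-age=3600, public",
    "ETag": '"abc123"',
    "Last-Modified": "Mon, 01 Jan 2026 00:00:00 GMT",
}

if __name__ == "__main__":
    print(cache_decision(STORED_RESPONSE, stored_at=0, now=1800))   # fresh
    print(cache_decision(STORED_RESPONSE, stored_at=0, now=3600))   # revalidate
    print(revalidate(STORED_RESPONSE, '"abc123"'))                    # ({'If-None-Match': '"abc123"'}, 304)
```

The `private` branch is the one that matters for security: a response carrying a user's session data with `private` must never be kept by a shared proxy or CDN, and `no-store` is the right choice for anything that should not be written to disk at all.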
## 5. HTTP Version Comparison

### Evolution of HTTP versions

```
HTTP/0.9 (1991)
  - GET only, no headers
        |
        v
HTTP/1.0 (1996)
  - Headers added, status codes, POST/HEAD
        |
        v
HTTP/1.1 (1997)
  - Persistent connections, pipelining, Host header mandatory
        |
        v
HTTP/2 (2015)
  - Binary protocol, multiplexing, header compression
        |
        v
HTTP/3 (2022)
  - QUIC (UDP-based), improved connection setup
```
### HTTP/1.1 vs HTTP/2 vs HTTP/3

| Feature | HTTP/1.1 | HTTP/2 | HTTP/3 |
|---|---|---|---|
| Protocol | Text | Binary | Binary |
| Transport layer | TCP | TCP | QUIC (UDP) |
| Multiplexing | X | O | O |
| Header compression | X | HPACK | QPACK |
| Server push | X | O | O |
| Requests per connection | Sequential | Concurrent, multiple | Concurrent, multiple |
| HOL blocking | Present | Present at the TCP level | Absent |
### HTTP/1.1 connection handling

```
HTTP/1.0 (non-persistent)              HTTP/1.1 (persistent connection)

request 1  ------>                     request 1  ------>
           <------ response 1                     <------ response 1
[connection closed]                    request 2  ------>
request 2  ------>                                <------ response 2
           <------ response 2          request 3  ------>
[connection closed]                               <------ response 3
request 3  ------>                     [connection kept open, then closed]
           <------ response 3
[connection closed]

* 3 TCP connections                    * 1 TCP connection
```
### HTTP/2 multiplexing

```
HTTP/1.1 (sequential)              |   HTTP/2 (concurrent)
                                   |
request 1  -------------->         |   request 1  ---->
response 1 <--------------         |   request 2  ---->  (concurrent)
request 2  -------------->         |   request 3  ---->  (concurrent)
response 2 <--------------         |   response 2 <----
request 3  -------------->         |   response 1 <----
response 3 <--------------         |   response 3 <----
                                   |
|<-------- long time -------->|    |   |<-- short time -->|
```
### HTTP/3 and QUIC

```
    HTTP/2 stack              HTTP/3 stack
  +--------------+          +--------------+
  |   HTTP/2     |          |   HTTP/3     |
  +--------------+          +--------------+
  |    TLS       |          |    QUIC      | <- TLS 1.3 built in
  +--------------+          |  (encrypted) |
  |    TCP       |          +--------------+
  +--------------+          |    UDP       |
  |    IP        |          +--------------+
  +--------------+          |    IP        |
                            +--------------+

QUIC advantages:
- 0-RTT connection setup (on reconnection)
- Packet loss on one stream does not stall the other streams
- Connection migration (the connection survives an IP address change)
```
## 6. HTTPS and TLS/SSL

### HTTPS overview

```
HTTP (port 80)                   HTTPS (port 443)

+--------------+                 +--------------+
|    HTTP      |                 |    HTTP      |
+--------------+                 +--------------+
|    TCP       |                 |   TLS/SSL    | <- encryption layer
+--------------+                 +--------------+
|    IP        |                 |    TCP       |
+--------------+                 +--------------+
                                 |    IP        |
Plaintext transfer               +--------------+
Data is exposed
                                 Encrypted transfer
                                 Data is protected
```
### History of TLS/SSL

| Version | Year | Status |
|---|---|---|
| SSL 2.0 | 1995 | Deprecated (insecure) |
| SSL 3.0 | 1996 | Deprecated (POODLE vulnerability) |
| TLS 1.0 | 1999 | Deprecation recommended |
| TLS 1.1 | 2006 | Deprecation recommended |
| TLS 1.2 | 2008 | In use |
| TLS 1.3 | 2018 | Recommended (current) |
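The version table above expressed as a client-side policy, using only Python's standard-library `ssl` module. This is an added example, not code from the page: it builds a context that keeps certificate and hostname verification on and refuses to negotiate anything below TLS 1.2, and exposes the settings so a reviewer can check them without opening a connection.

```python
"""TLS client configuration that refuses the deprecated versions in the table above.

Added example (not code from the page), using only the standard library
ssl module. No connection is opened; the functions build and inspect a
context so the policy can be checked before it is used.
"""
import ssl


def make_client_context():
    """Context for outbound HTTPS: certificate and hostname verification on, TLS >= 1.2 only."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSL 3.0 / TLS 1.0 / TLS 1.1 are never negotiated
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def permits_deprecated_version(ctx):
    """True if the context could still negotiate TLS 1.1 or older."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


def describe(ctx):
    """Summarise the settings a reviewer would check."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "maximum_version": ctx.maximum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    ctx = make_client_context()
    print(describe(ctx))
    # To use it for a real connection (not run here):
    #   with socket.create_connection(("example.com", 443)) as sock:
    #       with ctx.wrap_socket(sock, server_hostname="example.com") as tls:
    #           print(tls.version())
```

`ssl.create_default_context()` already verifies the server certificate against the system trust store and checks the hostname; the explicit `minimum_version` is what turns the table's "deprecation recommended" rows into a hard refusal, and `permits_deprecated_version()` is the one-line check to put in a configuration test.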
### TLS handshake (TLS 1.2)

```
[Client]                                            [Server]
   |                                                    |
   |--(1) ClientHello --------------------------------->|
   |      - supported TLS versions                      |
   |      - supported cipher suites                     |
   |      - client random                               |
   |                                                    |
   |<-(2) ServerHello ----------------------------------|
   |      - selected TLS version                        |
   |      - selected cipher suite                       |
   |      - server random                               |
   |                                                    |
   |<-(3) Certificate ----------------------------------|
   |      - server certificate (contains the public key)|
   |                                                    |
   |<-(4) ServerHelloDone ------------------------------|
   |                                                    |
   |--(5) ClientKeyExchange --------------------------->|
   |      - Pre-Master Secret (encrypted)               |
   |                                                    |
   |--(6) ChangeCipherSpec ---------------------------->|
   |--(7) Finished ------------------------------------>|
   |                                                    |
   |<-(8) ChangeCipherSpec -----------------------------|
   |<-(9) Finished -------------------------------------|
   |                                                    |
   |<============== encrypted communication ===========>|
```
### TLS 1.3 handshake (simplified)

```
[Client]                                            [Server]
   |                                                    |
   |--(1) ClientHello + KeyShare ---------------------->|
   |                                                    |
   |<-(2) ServerHello + KeyShare -----------------------|
   |      Certificate                                   |
   |      Finished                                      |
   |                                                    |
   |--(3) Finished ------------------------------------>|
   |                                                    |
   |<============== encrypted communication ===========>|

* The handshake completes in a single round trip (1 RTT).
* 0-RTT: when resuming a previous session, data can be sent with the very first request.
```
### Types of encryption

```
Symmetric encryption
- The same key encrypts and decrypts
- Fast
- Examples: AES, ChaCha20

  plaintext --[key]--> ciphertext --[key]--> plaintext

Asymmetric encryption
- Uses a public/private key pair
- Slower; used for key exchange
- Examples: RSA, ECDSA

  plaintext --[public key]--> ciphertext --[private key]--> plaintext

How TLS uses them
1. The asymmetric keys are used to exchange a session key
2. The symmetric session key encrypts the actual data
```
## 7. Certificates

### Certificate structure

```
X.509 certificate structure

+-----------------------------------------------------------+
| Version: V3                                               |
+-----------------------------------------------------------+
| Serial Number: 0x1234...                                  |
+-----------------------------------------------------------+
| Signature Algorithm: SHA256withRSA                        |
+-----------------------------------------------------------+
| Issuer: CN=Let's Encrypt Authority X3                     |
+-----------------------------------------------------------+
| Validity                                                  |
|   Not Before: 2026-01-01 00:00:00                         |
|   Not After:  2026-04-01 00:00:00                         |
+-----------------------------------------------------------+
| Subject: CN=www.example.com                               |
+-----------------------------------------------------------+
| Public Key Info                                           |
|   Algorithm: RSA                                          |
|   Key Size: 2048 bits                                     |
|   Public Key: 30 82 01 0a 02 82 01 01 00...               |
+-----------------------------------------------------------+
| Extensions                                                |
|   Subject Alternative Names: www.example.com,             |
|                              example.com                  |
|   Key Usage: Digital Signature, Key Encipherment          |
+-----------------------------------------------------------+
| Signature: 48 46 2b 88 2d...                              |
+-----------------------------------------------------------+
```
### Certificate chain

```
Chain of Trust

+-----------------------------------------------------------+
| Root certificate (Root CA)                                |
|  - Self-signed                                            |
|  - Built into browsers and operating systems              |
|  - Examples: DigiCert, GlobalSign                         |
+-----------------------------+-----------------------------+
                              | signs
                              v
+-----------------------------------------------------------+
| Intermediate certificate (Intermediate CA)                |
|  - Signed by the root CA                                  |
|  - Example: Let's Encrypt R3                              |
+-----------------------------+-----------------------------+
                              | signs
                              v
+-----------------------------------------------------------+
| Server certificate (End-Entity)                           |
|  - Signed by the intermediate CA                          |
|  - Domain: www.example.com                                |
+-----------------------------------------------------------+

Verification order: server certificate -> intermediate certificate -> root certificate (trust check)
```
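The verification order above (server, then intermediate, then root), walked in code on a simplified certificate model. This is an added example, not code from the page: certificates are dicts carrying subject, issuer, key identifiers, validity period and Subject Alternative Names; issuer matching uses the issuer name together with the Authority Key Identifier / Subject Key Identifier pair, as real X.509 path building does, while cryptographic signature verification is left out. All certificate names, key identifiers and dates are constructed.

```python
"""Chain-of-trust walk in the verification order shown above
(server -> intermediate -> root).

Added example (not code from the page). Certificates are a simplified dict
model: subject, issuer, key identifiers, validity period and Subject
Alternative Names. Issuer matching uses the name plus the Authority Key
Identifier / Subject Key Identifier pair, as real X.509 path building does;
cryptographic signature verification is out of scope here. All certificates,
names and dates below are constructed.
"""
from datetime import datetime


class ChainError(Exception):
    """The chain does not validate; a client must refuse the connection."""


def _check_validity(cert, now):
    if not (cert["not_before"] <= now < cert["not_after"]):
        raise ChainError(f"{cert['subject']} is outside its validity period")


def _issued_by(cert, candidate):
    # The issuer name must equal the candidate's subject, and the Authority
    # Key Identifier must match the candidate's Subject Key Identifier.
    return (cert["issuer"] == candidate["subject"]
            and cert["authority_key_id"] == candidate["key_id"])


def validate_chain(leaf, intermediates, trust_store, hostname, now):
    """Return the subjects in verification order, or raise ChainError."""
    if hostname not in leaf["san"]:
        raise ChainError(f"{hostname} is not among the Subject Alternative Names")
    path = [leaf["subject"]]
    cert = leaf
    for _ in range(len(intermediates) + 1):    # bounded walk: a loop cannot run forever
        _check_validity(cert, now)
        root = next((r for r in trust_store if _issued_by(cert, r)), None)
        if root is not None:                   # reached a built-in trust anchor
            _check_validity(root, now)
            path.append(root["subject"])
            return path
        parent = next((c for c in intermediates if _issued_by(cert, c)), None)
        if parent is None:
            raise ChainError(f"no issuer certificate available for {cert['subject']}")
        path.append(parent["subject"])
        cert = parent
    raise ChainError("chain is circular or does not end at a trusted root")


def chain_problem(leaf, intermediates, trust_store, hostname, now):
    """Like validate_chain but returns the error message (None when the chain is valid)."""
    try:
        validate_chain(leaf, intermediates, trust_store, hostname, now)
    except ChainError as exc:
        return str(exc)
    return None


def _cert(subject, issuer, key_id, authority_key_id, not_before, not_after, san=()):
    return {"subject": subject, "issuer": issuer, "key_id": key_id,
            "authority_key_id": authority_key_id, "not_before": not_before,
            "not_after": not_after, "san": list(san)}


# Constructed sample chain (names, key ids and dates are invented for the example).
ROOT = _cert("CN=Example Root CA", "CN=Example Root CA", "root-key", "root-key",
             datetime(2020, 1, 1), datetime(2040, 1, 1))
INTERMEDIATE = _cert("CN=Example Intermediate CA", "CN=Example Root CA", "int-key", "root-key",
                     datetime(2024, 1, 1), datetime(2029, 1, 1))
LEAF = _cert("CN=www.example.com", "CN=Example Intermediate CA", "leaf-key", "int-key",
             datetime(2026, 1, 1), datetime(2026, 4, 1),
             san=["www.example.com", "example.com"])
NOW = datetime(2026, 2, 1)           # inside the leaf's validity window
AFTER_EXPIRY = datetime(2026, 5, 1)  # after the leaf's Not After

if __name__ == "__main__":
    print(validate_chain(LEAF, [INTERMEDIATE], [ROOT], "www.example.com", NOW))
    print(chain_problem(LEAF, [], [ROOT], "www.example.com", NOW))            # missing intermediate
    print(ch_problem := chain_problem(LEAF, [INTERMEDIATE], [ROOT], "www.example.com", AFTER_EXPIRY))
```

The missing-intermediate case is the one that shows up most in practice: a server that sends only its own certificate validates on a machine that happens to have the intermediate cached and fails everywhere else, which is why `openssl s_client` output (below) is worth reading for the full chain, not just the leaf.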
### Certificate types

| Type | Validation level | Issuance time | Typical use |
|---|---|---|---|
| DV (Domain Validation) | Domain ownership only | Minutes | Individuals, blogs |
| OV (Organization Validation) | Organisation verified | 1-3 days | Companies, institutions |
| EV (Extended Validation) | Strict verification | 1-2 weeks | Finance, large enterprises |
| Wildcard | Covers subdomains | Varies | *.example.com |
| Multi-Domain (SAN) | Several domains | Varies | Several domains |
### Obtaining a certificate (Let's Encrypt)

```bash
# Install Certbot (Ubuntu)
sudo apt install certbot python3-certbot-nginx

# Issue a certificate (Nginx)
sudo certbot --nginx -d example.com -d www.example.com

# Issue a certificate (Apache)
sudo certbot --apache -d example.com

# Renew certificates
sudo certbot renew

# List the managed certificates
sudo certbot certificates

# Automatic renewal (cron)
0 12 * * * /usr/bin/certbot renew --quiet
```
### Inspecting certificates

```bash
# Check a domain's certificate
openssl s_client -connect example.com:443 -servername example.com

# Certificate details
echo | openssl s_client -connect example.com:443 2>/dev/null | \
  openssl x509 -noout -text

# Check the expiry date
echo | openssl s_client -connect example.com:443 2>/dev/null | \
  openssl x509 -noout -enddate

# Inspect a local certificate file
openssl x509 -in certificate.crt -text -noout
```
## 8. Exercises

### Basic

- HTTP methods
  - Explain three differences between GET and POST.
  - What does idempotent mean, and which methods are idempotent?
- Status codes
  - Choose the appropriate status code for each situation:
    - User login fails (authentication failure)
    - The page cannot be found
    - An internal server error occurs
    - A POST request successfully creates a resource
- Headers
  - What is the difference between Cache-Control: no-cache and no-store?
  - What is the ETag header used for?
### Intermediate

- HTTP versions
  - Explain the head-of-line (HOL) blocking problem in HTTP/1.1.
  - How does HTTP/2 solve this problem?
- HTTPS/TLS
  - What are three security benefits of using HTTPS?
  - What is the difference in handshake RTT between TLS 1.2 and TLS 1.3?
- Hands-on

```bash
# Analyse the result of each of the following curl commands
# 1. What is included in the request headers?
curl -v http://example.com

# 2. Which status code is returned if this request succeeds?
curl -I -X DELETE http://api.example.com/users/1

# 3. What is the Content-Type of this request?
curl -X POST http://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"name": "test"}'
```
### Advanced

- Certificate chain
  - Why does a root CA use an intermediate CA instead of signing server certificates directly?
- Security headers
  - Name the HTTP header that prevents each of the following:
    - Clickjacking
    - XSS (Cross-Site Scripting)
    - MIME sniffing
## 9. Next Steps

In 14_Other_Application_Protocols.md we look at other application-layer protocols such as DHCP, FTP, SMTP and SSH.

## 10. References

### RFC documents

- RFC 7230-7235 - HTTP/1.1
- RFC 7540 - HTTP/2
- RFC 9110-9114 - HTTP Semantics
- RFC 8446 - TLS 1.3

### Online resources

### Tools

- curl - command-line HTTP client
- Postman - API testing tool
- Charles Proxy - HTTP proxy/monitoring
- Wireshark - packet analysis