DEV Community: Prashant Pandey

How http became the https that we know today?

Prashant Pandey — Sat, 30 Jan 2021 18:27:08 +0000

The only difference that one can notice between http and https by just looking at the words is the letter s, but this letter s has quite a big story of it's own. The s in https, adds security to the http protocol which was previously unencrypted, and it's understood if you know what both of these words stand for.

http -> Hypertext Transfer Protocol
https -> Hypertext Transfer Protocol Secure

This all started around the very beginning of 1990s, when the Researchers at Netscape felt the need of securing or more precisely encrypting the requests that were sent across oceans and continents over the Internet, jumping from one router to another, flowing through cables underneath the ocean, between computers(well at that time the World Wide Web comprised mainly of computers unlike today where we even have refrigerators connected to the internet), naked to anyone who could intercept them. But before they could start working on some type of Encryption Layer or Model, they first had to decide that where will the data be encrypted. They had 2 options, they could either encrypt some critical data of an http request and then send it over TCP in which case, the encryption model would solely be used with http, but the internet does not solely comprise of http requests, there are other protocols which are used to send data, or they could encrypt the IP packets, in which case there would be a problem of configuring routers so that they may be able to understand those packets after they are encrypted. So, the Researchers decided that they wanted this Encryption Model to work with any other protocol, they did not want it to be used only with the http protocol, for which they decided to put this protocol in between http and TCP layer i.e whole of the http request will first be encrypted and then it would be sent over TCP.

The very first version of the Security Protocol that was developed to secure http was SSL 1.0 (acronym for Secure Socket Layer 1.0) developed by the Researchers at Netscape, but this very version, SSL 1.0 was never made public, it was only used internally at Netscape. SSL 1.0 had many security flaws in it.

In 1995 SSL 2.0 was published. This version also had some serious security flaws like it used the TCP FIN, ACK packet to indicate the end of data which could easily be forged by an attacker, it also had no protection for the SSL handshake that would be performed before the computers start sending encrypted data, which means that a man-in-the-middle attack could be carried out and there were some other flaws in addition to the above mentioned ones.

After the release of SSL 2.0 Microsoft tried to step into the picture by releasing it's own Security protocol The PCT or The Private Communication Technology. It was quite similar to the SSL 2.0 but with some of the security flaws taken care of.

In 1996 SSL 3.0 was made published by Netscape. This version was better than 2.0 as it had SHA-1 based ciphers and also with the added security of Certificate Verification. SSL 3.0 was the last Secure Socket Layer version that was published because after this it was renamed as Transport Layer Security. So, SSL and TLS aren't different protocols they are they same.

The SSL 3.0 had some features incorporated from PCT in addition to SSL 2.0. The IETF(Internet Engineering Task Force) decided that instead of coming up with different ideas to handle the same issue, they should work together and that is how TLS was born.

It was not until 1999 that TLS 1.0 was published. There weren't drastic changes between SSL 3.0 and TLS 1.0. TLS 1.0 can be thought of as SSL 3.1.

All the SSL versions were developed by Netscape and made public.

Tim Dierks later wrote that these changes, and the renaming from "SSL" to "TLS", were a face-saving gesture to Microsoft, "so it wouldn't look [like] the IETF was just rubberstamping Netscape's protocol".

Source Wikipedia

After TLS 1.0 there were three other versions of TLS 1.1, 1.2 and 1.3 that were published in 2006, 2008 and 2018 respectively, each having enhanced security features, removing the flaws of its predecessor.

All the versions of SSL along with TLS 1.0, 1.1 and 1.2 have been deprecated because of some serious security flaws that were found in them or because they were prone to attacks that can't be prevented with the ciphers used in them.

So, https is what it is, because of TLS that stands between http and TCP, there is no difference between them if we remove TLS.

C's Preprocessor

Prashant Pandey — Wed, 25 Dec 2019 13:09:49 +0000

We need not get terrified by the name Preprocessor.

If we go by the definition from Wikipedia then "The C preprocessor or cpp is the macro preprocessor for the C and C++ computer programming languages. The preprocessor provides the ability for the inclusion of header files, macro expansions, conditional compilation, and line control". In simple words the Preprocessor is just like any other program which has a special task to process the programs written by us before it is compiled by the compiler. It basically
expands our program and converts the program file from a ".c" extension to a ".I" extension after it is done with the processing(expanding) of the program.

Now the question arises what will the preprocessor expand??

We'll learn about that a bit later.

The preprocessor provides us with several features known as the "Preprocessor Directives".
It is these Preprocessor Directives which get expanded by the Preprocessor.

Some of the Preprocessor Directives are:-

Macro expansion

This directive solves one of our most basic problems. Consider the following code snippet.

main()
{
    for(i=0;i<25;i++)
    {
        for(j=0;j<25;j++)
        {
            printf("%d", i);
        }
    }
}

Now for example if we want both the loops in the above program to execute till i and j are less than 30 and not 25, we would then have to go to both the places and change 25 to 30.
And what if there were ten loops in the main function and what if there were 2 more funtions. It would then be a tiring task.
It is for this that we have Macro expansions. Now consider the following code snippet with using macro expansions.

#define LIMIT 25
main()
{
    for(i=0;i<LIMIT;i++)
    {
        for(j=0;j<LIMIT;j++)
        {
            printf("%d", i);
        }
    }
}

In the above program you would observe something new and that is "#define LIMIT 25".
This new line is known as a macro definition and LIMIT is known as macro template and 25 is known as macro expansion. Now if we want to change 25 to 30 then all that we had to do was to change 25 to 30 in the very first line of the program. And this change would be applicable for the other functions where LIMIT has been used.
Now when the preprocessor processes the program file it replaces every LIMIT occurrence with 25.
Macros can also be used to define functions. For example:

#define PRT(X,Y){\
                      printf("%d %d",X,Y);\
                }\

In the above example "\" is used so that the Preprocessor may know that the macro expansion is of multiple lines.
Macro expansion have a disadvantage. Although they make the program run faster but they increase the size of the program. Functions make the program smaller and compact. If we use macro in our program at a hundred places then when the Preprocessor processes the program it will put macro expansion at all those hundred places thus increasing the size of the expanded source file. But in case of functions it will be called a hundred times. Passing the parameters in case of functions a hundred times and evaluating the function all those times makes the program run slower, whereas in case Macro expansion since it has already being processed by the Preprocessor it will only be evaluated once.

File Inclusion

What if we are working on a big project. It would then be difficult to manage all the functionalities because the project file would be very big. So, we divide the project into many smaller files, which contains functions that control a particular task. This is where we need the help of "#include" directive. This directive is used to merge two or more files. When we include a particular program file or header file in a program then when the Preprocessesor processes the program it simply copies all the content of that file in the file being processed. Therefore it gets converted into one single file.Consider the following code snippet:

#include<hello.c>
main()
{
    print("Using a function from another file");
    fun();
}

In the above program as you see that there is no function defined as fun() but still this program will execute without any errors, because a function fun() has already been defined in the file "hello.c". When the Preprocessor processes the above program it simply copies all the contents of the file "hello.c" in the above program therefore it is able to access the function fun().
In addition to adding other program files we also add header files in our program. Header files are predefined programs which contain frequently used functions that we may include in our program.
Files are included in a program using the include directive in two ways:

#include OR #include "filename"

Conditional Compilation

This directive can be very helpful in some situations like what if we had to skip over some part of the program. Yes, I know what you are thinking that this can also be done using comments. But what if that part of the program which we want to skip already has comments in it?? This is where conditional compilation comes into play. The syntax for this directive is as follows:

#ifdef macro name
statement 1;
statement 2;
statement 3;
#else
statement 4;
statement 5;
statement 6;
#endif

The above statements will only be executed if the macro name is defined. We also have another option an alternative:

#ifndef macro name
statement 1;
statement 2;
statement 3;
#else
statement 4;
statement 5;
statement 6;
#endif

The above statements will only be executed if the macro name has not being defined earlier.

Miscellaneous Directives

undef Directive

If we want to undefine some name then we use this directive.

#undef PENTIUM

The above statement would cause the definition of PENTIUM to be removed from the system.

pragma Directive

The functions that are specified with the "#pragma startup " directive are called before the main function executed, and the functions that are specified with the "#pragma end " directive are called before the program terminates.
We also have another pragma directive "pragma warn ". It tells the compiler whether or not we want to suppress a warning.

#pragma warn -rvl
#pragma warn -par
#pragma warn -rch

The above three statements would suppress the warnings for return value, parameter not used and unreachable code.

In this post I tried to explain a concept of C language, that is mostly overlooked, in as simple way as possible.