Shulou(Shulou.com)06/01 Report--

This article mainly explains "what is the difference between HTTPS and HTTP". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the difference between HTTPS and HTTP".

Basic concept

HTTP: hypertext transfer protocol HTTP protocol is used to transmit information between Web browsers and web servers. HTTP protocol sends content in clear text and does not provide any way of data encryption. Therefore, HTTP protocol is not suitable for transmitting some sensitive information, such as credit card numbers, passwords and other payment information.

HTTPS: it is a HTTP channel aimed at security. To put it simply, it is the secure version of HTTP, that is, adding a SSL layer under HTTP. The security foundation of HTTPS is SSL (SSL recording Protocol [SSL Record Protocol]), so SSL is required for the details of encryption.

The main function of HTTPS protocol can be divided into two kinds: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.

The difference between HTTPS and HTTP 1. Https protocol needs to apply for a certificate from ca. Generally, there are few free certificates, so it costs a certain fee. 2. Http is a hypertext transfer protocol, information is plaintext transmission, and https is a secure ssl encryption transmission protocol. 3. Http and https use completely different connection methods and different ports. The former is 80 and the latter is 443. 4. The connection of http is very simple and stateless. 5. HTTPS protocol is a network protocol built by SSL+HTTP protocol for encrypted transmission and identity authentication, which is more secure than http protocol. The biggest feature of HTTPS

The most important feature of HTTPS is security, which plays a key role in protecting users' privacy and preventing traffic hijacking. There are mainly the following three points:

Content encrypted. The content from the browser to the Baidu server is transmitted in encrypted form, and the middleman cannot view the original content directly.

Identity authentication. Users are guaranteed to visit Baidu services. Even if they are hijacked to a third-party site by DNS, users will be reminded that they have not visited Baidu services and may be hijacked.

Data integrity. Prevent the content from being impersonated or tampered with by a third party.

Shortcomings of HTTPS

1. Certificate fee and update maintenance.

2. HTTPS reduces the access speed of certain users (in fact, it is not a disadvantage if it is optimized).

3. HTTPS consumes CPU resources and requires a large number of machines.

HTTPS network access process

Under the http protocol, users only need to complete the TCP three-way handshake to establish a TCP connection to directly send HTTP requests to obtain application layer data. In addition, there is no need to consume computing resources in the whole access process.

The access process of HTTPS is much more complicated than that of HTTP. In some scenarios, using HTTPS access may add 7 RTT.

A three-way handshake establishes a TCP connection. It takes one RTT.

The GET request is initiated using HTTP, and the server returns 302 to jump to https://www.baidu.com. A RTT and 302 jump delay are required.

Re-establish the TCP connection with a three-way handshake. It takes one RTT.

TLS full handshake phase one. Takes at least one RTT.

Parse the DNS of the CA site. It takes one RTT.

Establish a TCP connection to the CA site with a three-way handshake. It takes one RTT.

Initiate an OCSP request to get a response. It takes one RTT.

The second stage of complete handshake takes a RTT and computing time.

After the full handshake, the application layer (that is, HTTP) data transfer occurs between the browser and the server.

Of course, not every request requires seven additional RTT to complete the first HTTPS request interaction. Probably less than 0.01% of the requests are likely to go through the above steps.

Performance Optimization of HTTPS

It mainly optimizes two aspects, access speed and computing performance.

Optimization of HTTPS access speed

When HSTS is set, the server returns a http header of HSTS. After the browser gets the HSTS header, whether the user enters www.baidu.com or http://www.baidu.com, the request will be transferred to https://www.baidu.com by default within a period of time. Chrome, firefox, and ie all support HSTS.

Session resume, reusing session can reduce CPU consumption because there is no need for asymmetric key exchange computation. The access speed can be improved without the need for a full handshake phase II, saving a RTT and computing time. There are two ways to reuse, Session cache and Session ticket.

Nginx sets Ocsp stapling. Ocsp, the full name of online Certificate status check Protocol (rfc6960), is used to query CA sites for certificate status, such as whether to revoke. In general, the browser uses the OCSP protocol to initiate a query request, CA returns the certificate status content, and then the browser accepts the status of whether the certificate is trusted. This process is very time-consuming, because the CA site may be abroad, the network is unstable, and the RTT is relatively large. If you don't need a query, you can save time.

Use SPDY or HTTP2. The most important feature of SPDY is multiplexing, which can send multiple HTTP requests together on the same connection, unlike the current HTTP protocol, which can only send requests one by one in series. Although Pipeline supports multiple requests to be sent together, it still has to be received sequentially when receiving, which essentially can not solve the concurrency problem. HTTP2 supports multiplexing and has the same effect.

False start . A simple summary of the principle of False start is to send the application layer data together when the clientkeyexchange is issued, which can save a RTT.

Optimization of HTTPS Computing performance

Preferred use of ECC elliptical cryptography arithmetic.

Use the latest version of openssl.

Hardware acceleration scheme.

TLS remote agent computing

Thank you for your reading, the above is the content of "what is the difference between HTTPS and HTTP". After the study of this article, I believe you have a deeper understanding of what is the difference between HTTPS and HTTP, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.