Shulou(Shulou.com)06/02 Report--

This article will explain in detail what is the difference between HTTP and HTTPS, the content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

1. Basic concepts of HTTP and HTTPS:

HTTP: hypertext transfer Protocol (HyperText Transfer Protocol, abbreviation: HTTP) is an application layer protocol for distributed, collaborative and hypermedia information systems. HTTP is the basis of data communication on the World wide Web. HTTP was originally designed to provide a way to publish and receive HTML pages. Resources requested through the HTTP or HTTPS protocol are identified by the uniform Resource Identifier (Uniform Resource Identifiers,URI).

HTTPS: hypertext transfer Security Protocol (English: Hypertext Transfer Protocol Secure, abbreviation: HTTPS, often called HTTP over TLS,HTTP over SSL or HTTP Secure) is a transport protocol for secure communication over a computer network. HTTPS communicates via HTTP, but uses SSL/TLS to encrypt packets. The main purpose of HTTPS development is to provide identity authentication to the website server and protect the privacy and integrity of the exchanged data. The agreement was first proposed by Netscape in 1994 and then extended to the Internet. Historically, HTTPS connections have been used for transaction payments on the World wide Web and for the transmission of sensitive information in enterprise information systems. In the late 2000s and early 2010s, HTTPS began to be widely used to protect the authenticity of pages on all types of websites, protect accounts and keep users' communications, identities and web browsing private.

Second, what is the difference between HTTP and HTTPS?

1. Https protocol needs to apply for a certificate from ca. Generally, there are few free certificates, so it costs a certain fee.

2. Http is a hypertext transmission protocol, information is plaintext transmission, and https is a secure ssl encryption transmission protocol.

3. Http and https use completely different connection methods and different ports. The former is 80 and the latter is 443.

4. The connection of http is very simple and stateless; HTTPS protocol is a network protocol built by SSL+HTTP protocol for encrypted transmission and identity authentication, which is more secure than http protocol.

3. The working principle of HTTPS

We all know that HTTPS can encrypt information to prevent sensitive information from being obtained by third parties, so many high-security services such as bank websites or e-mail boxes use HTTPS protocol.

HTTP contains the following actions:

1. Browser opens a TCP connection

two。 The browser sends a HTTP request to the server

3. The server sends a HTTP response message to the browser

4. TCP connection closed

SSL contains the following actions:

1. Verify the server side

two。 Allow client and server to choose encryption algorithms and passwords to ensure that both sides support

3. Verify client (optional)

4. Use public key encryption technology to generate shared encrypted data

5. Create an encrypted SSL connection

6. Pass the HTTP request based on the SSL connection

Fourth, the advantages of HTTPS

1. The keys generated by the client can only be obtained by the client and the server.

2. Only the client and server can get the plaintext of the encrypted data.

3. The communication from client to server is secure.

In addition, Google adjusted its search engine algorithm in August 2014, saying that "sites encrypted with HTTPS will rank higher in search results than their equivalent HTTP sites."

5. Limitations / shortcomings of HTTPS

1. HTTPS consumes more server resources than HTTP (https is actually a http protocol built on SSL/TLS, so to compare how many server resources https uses than http depends on how many server resources are consumed by SSL/TLS itself. )

2. It consumes a lot of resources and the process is complex, so it is assumed that access is not as efficient as HTTP. High-traffic websites are not necessary and will not be adopted, and the traffic cost is too high.

3. HTTPS does not prevent the site from being crawled by web spiders. In some cases, the URL of encrypted resources can be deduced only by intercepting the size of requests and responses, which makes it possible for attackers to know both plaintext (public static content) and ciphertext (encrypted plaintext), thus making it possible to choose ciphertext attacks.

4, SSL certificate requires money, the more powerful the certificate fee is higher, personal websites, small websites are not necessary generally will not be used.

5. SSL certificates usually need to be bound to IP. You cannot bind multiple domain names to the same IP. IPv4 resources cannot support this consumption.

About what is the difference between HTTP and HTTPS to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.