What is the difference between Http and Https

What is HTTP

HTTP is transmitted in plain text, while HTTPS is encrypted.

What is the HTTP protocol?

The HTTP protocol is the abbreviation of Hypertext Transfer Protocol. It is a transfer protocol for transferring Hypertext Markup Language (HTML) from a WEB server to a local browser. The original purpose of the HTTP protocol is to provide a method for publishing and receiving HTML pages. There are currently multiple versions of the HTTP protocol, but the HTTP/1.1 version is now widely used.

HTTP is a protocol for fetching resources such as HTML documents. It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser. A complete document is reconstructed from the different sub-documents fetched, for instance, text, layout description, images, videos, scripts, and more.

HTTP protocol
HTTP protocol

HTTP principle

HTTP is a protocol for transmitting data based on the TCP/IP communication protocol. The types of data transmitted are HTML files, pictures, videos, multimedia, query results, and so on.

HTTP protocol is generally used in B/S architecture (meaning: browser/server architecture). As an HTTP client (Client), the browser sends all requests to the HTTP server (server), that is, the WEB server through URL (URL, scientific name uniform resource locator).

When a client wants to communicate with a server, either the final server or an intermediate proxy, it performs the following steps:

  1. Open a TCP connection: The TCP connection is used to send a request, or several, and receive an answer. The client may open a new connection, reuse an existing connection, or open several TCP connections to the servers.
  2. Send an HTTP message: HTTP messages (before HTTP/2) are human-readable. With HTTP/2, these simple messages are encapsulated in frames, making them impossible to read directly, but the principle remains the same. For example:
GET / HTTP/1.1
Host: developer.mozilla.org
Accept-Language: fr
  1. Read the response sent by the server, such as:
HTTP/1.1 200 OK
Date: Sat, 09 Oct 2010 14:28:02 GMT
Server: Apache
Last-Modified: Tue, 01 Dec 2009 20:18:22 GMT
ETag: "51142bc1-7449-479b075b2891b"
Accept-Ranges: bytes
Content-Length: 29769
Content-Type: text/html

Therefore, http access is ordinary plaintext transmission, and data is not encrypted during transmission. The server port used by default is port 80.

What is HTTPS

HTTPS (HyperText Transfer Protocol Secure) is an encrypted version of the HTTP protocol. It uses SSL or TLS to encrypt all communication between a client and a server. This secure connection allows clients to safely exchange sensitive data with a server, such as when performing banking activities or online shopping.

The HTTPS protocol (HyperText Transfer Protocol over Secure Socket Layer) is generally understood as HTTP+SSL/TLS, which verifies the identity of the server through an SSL certificate issued by an authority, and encrypts the communication between the browser and the server. Because it is encrypted transmission, the data is more secure during transmission.

What is SSL?

SSL (Secure Socket Layer): Developed by Netscape in 1994, the SSL protocol is located between the TCP/IP protocol and various application layer protocols to provide security support for data communication.

TLS (Transport Layer Security): Its predecessor is SSL. Its first few versions (SSL 1.0, SSL 2.0, SSL 3.0) were developed by Netscape, and in 1999, it was standardized and renamed by IETF from 3.1. So far, there are three versions of TLS 1.0, TLS 1.1, and TLS 1.2. SSL3.0 and TLS1.0 have been rarely used due to security vulnerabilities. And because TLS 1.3 has undergone major changes, it is still in the draft stage, so TLS 1.1 and TLS 1.2 are currently the most widely used.

Https is more secure

Because Https is encrypted transmission, data is more secure during transmission. The server port used by default is 443. Because the security certificate, namely the SSL certificate, is added to the http protocol, the security of the transmission process is guaranteed through transmission encryption and identity recognition. A safe green lock will be displayed in the address bar, allowing visitors to trust the website more, and at the same time visually It’s also more comfortable.

Https must be opened by the website administrator who has deployed an ssl certificate, and SSL is either free or paid. There are generally 3 SSL certificates, among which the following 1-3 are based on the SSL certificate of the Apache server, and .pem is the SSL certificate of the Nginx server.

  • key file: the key file, the private key of the SSL certificate is included in it;
  • .csr file: This file contains the public key of the certificate and some other company information, and the certificate can be directly generated after requesting the signature;
  • .crt file: This file also contains the certificate’s public key, signature information, and different certification information, such as IP, according to different types of certificates (this file may also appear as a .cert suffix in some institutions and systems);
  • .pem file: SSL certificate for NGINX server. This file is relatively rare, and it contains the private key of the certificate and some certificate information.

Because Http is a common hypertext transfer protocol, if a website does not use ssl, the left side of the address bar will obviously prompt “Unsafe”

Therefore, sites that do not open https are a manifestation of the lack of attention to site construction and the poor security awareness of webmasters.

Small disadvantages of HTTPS

  1. Because of the multiple handshake of the HTTPS protocol, the page load time was prolonged by nearly 50%.
  2. HTTPS connection caching is not as efficient as the HTTP protocol, which increases data overhead and power consumption.
  3. It costs money to apply for an SSL certificate. The more powerful the function (for example: wildcard certificate), the higher the cost of the certificate.
  4. The security algorithms involved in SSL consume CPU resources and consume a lot of server resources.
Default image
Marugu Fuyeor
Welcome to the Fuyeor :-) The fuyeor.com has videos, photography and tutorials. —— Marugu Fuyeor
Articles: 95

2 Comments

  1. These are in fact wonderful ideas in regarding blogging.
    You have touched some nice factors here. Any way keep up wrinting.

    • It is forbidden to post any spam comments here.

      In the past three days, you have sent hundreds of fake comments with advertising URLs here. I have deleted all of them.

      The URL of this ad comment has also been removed. This comment is left, for reply to you.

      Be aware that no one can leave any advertising links on docs.fuyeor.com

Leave a Reply