HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer or Hypertext Transfer Protocol Secure) is an HTTP channel that aims at security. In short, it is the secure version of HTTP. That is, the SSL layer is added under HTTP. The security foundation of HTTPS is SSL, so SSL is required for detailed encryption.
HTTP is a request and response standard for client terminals and server terminals. By using a web browser, web crawler or other tools, the client sends an HTTP request to the specified port on the server (the default port is 80). We call this client user agent. The response server stores some resources, such as HTML files and images. We call this response server the origin server. There may be multiple “middle layers” between user agents and source servers, such as proxy servers, gateways, or tunnels.
In fact, HTTP can be implemented on any Internet protocol or other network. HTTP assumes that its underlying protocols provide reliable transmission. Therefore, any protocol that can provide such guarantee can be used by it. Therefore, it uses TCP as its transport layer in the TCP/IP protocol family.
The HTTP protocol is clear text transmission, so there are three risks: also check for ccie dc lab
- Clear text (not encrypted) is used for communication, and the content may be eavesdropped
- The identity of the communicating party is not verified, so it may be masqueraded
- The integrity of the message cannot be proved, so it may have been tampered with
HTTP has emerged because of the above three security risks.
For several encryption technologies to prevent eavesdropping, there are several encrypted objects:
- Encryption of communication. There is no encryption mechanism in the HTTP protocol, but the HTTP communication content can be encrypted by combining with SSL (Secure Socket Layer) or TLS (Transport Layer Security). After establishing a secure communication line with SSL, HTTP communication can be conducted on this line. HTTP combined with SSL is called HTTPS (HTTP Secure, Hypertext Transfer Security Protocol) or HTTP over SSL.
- Encryption of content. There is also a way to encrypt the content involved in communication itself. Since there is no encryption mechanism in the HTTP protocol, the content transmitted by the HTTP protocol is encrypted. That is, encrypt the content contained in the HTTP message.
Differences between HTTPS and HTTP
In order to solve this defect of HTTP protocol, we need to use another protocol: Hypertext Transfer Security Protocol HTTPS. For the security of data transmission, HTTPS adds SSL protocol on the basis of HTTP. SSL relies on certificates to verify the identity of the server and encrypt the communication between the browser and the server.
There are four main differences between HTTPS and HTTP:
- For the HTTPS protocol, you need to apply for a certificate from the CA. Generally, there are few free certificates and you need to pay a fee.
- HTTP is a hypertext transmission protocol, information is plain-text transmission, and HTTPS is a secure SSL encrypted transmission protocol.
- HTTP and HTTPS use completely different connection methods and ports. The former is 80 and the latter is 443.
- The HTTP connection is simple and stateless. HTTPS protocol is a network protocol constructed by SSL+HTTP protocol, which can be used for encrypted transmission and identity authentication. It is safer than HTTP protocol.
- https://www.spotoclub.com