Hypertext Transfer Protocol Http protocol is used between the web browser, a web server to transmit information, HTTP content sent in the clear, does not provide data encryption in any way, if an attacker intercepts between the Web browser and a Web server transmit a message, you can directly read the information in it, therefore, HTTP transmission protocol is not suitable for sensitive information, such as: credit card numbers, passwords and other payment information.
To address this shortcoming HTTP protocol, you need to use another protocol: Secure Sockets Layer Hypertext Transfer Protocol HTTPS, for secure data transmission, HTTPS added SSL protocol based on HTTP, SSL relies on certificates to authenticate the server identity and encryption for communication between browsers and servers.
A .HTTP and HTTPS basic concepts:
HTTP: is the Internet's most widely used network protocol, a client and a server-side request and response standard (TCP), hypertext transfer protocol for transmission from the WWW server to the local browser, it can make browsing It is more efficient, so that network traffic is reduced.
HTTPS: HTTP is safe for the target channel, simply, is a safe version of HTTP, HTTP added SSL layer, HTTPS security infrastructure is SSL, encryption and therefore the details will need to SSL.
The main role of the HTTPS protocol can be divided into two types: one is to establish a channel of information security, to ensure the security of data transmission; the other is to confirm the authenticity of the site.
Two .HTTP and HTTPS What is the difference?
HTTP data transmission protocol is unencrypted, plain text is therefore transmitted using the HTTP protocol is insecure private information, in order to ensure the privacy of data transmission can be encrypted, so designed Netscape SSL (Secure Sockets Layer) protocol with HTTP protocol for data transmission is encrypted, thus was born HTTPS. In simple terms, HTTPS protocol is constructed from SSL + HTTP protocol can be encrypted transmission, network authentication protocol than http protocol security.
The main difference:
1, https protocol ca need to apply for a certificate, generally less free certificates, thus requiring a fee.
2, http is the hypertext transfer protocol, information is transmitted in the clear, https is encrypted with a security ssl transfer protocol.
3, http and https use is completely different connections, with the port are not the same, the former is 80, which is 443.
4, http connection is very simple, is stateless; is constructed by the HTTPS protocol SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security.
Three .HTTPS works:
The client has the following steps when using HTTPS to communicate with the server Web, as illustrated in FIG.
(1) customers to use https URL to access the Web server requires an SSL connection to the Web server.
After (2) Web server receives a client request, the certificate information will be the site (the certificate contains the public key) transmit a copy to the client.
(3) the client browser and the Web server security level began to negotiate SSL connection, which is encrypted information level.
(4) the client browser, depending on the security level agreed to establish a session key, and then use the site's public key to encrypt the session key and send it to the site.
(5) Web server using their own private key to decrypt the session key.
(6) Web server using the communication between the client and the encrypted session key.
four. HTTPS advantages:
Although HTTPS is not absolutely safe, master authority root certificate to master organizational encryption algorithm can also be an intermediary form of attack, but HTTPS is still under the existing framework of the safest solutions, mainly in the following benefits:
(1) using the HTTPS protocol may authenticate the user and the server, transmits the data to ensure that the correct client and server;
(2) HTTPS protocol is constructed by SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security, to prevent data from being stolen during transmission, changes to ensure data integrity.
(3) HTTPS under the existing framework is the most secure solution, though not absolute security, but it greatly increases the cost of the middleman attack.
(4) Google search engine algorithm was adjusted in August 2014, saying "Compared to the same HTTP sites using HTTPS encrypted site's ranking in search results will be higher."
Fives. HTTPS disadvantages:
Although HTTPS has a great advantage, but relatively speaking, still shortcomings at:
(1) HTTPS protocol handshake time consuming, can cause pages to load prolonged nearly 50%, 10% to 20% of the power consumption;
(2) HTTPS connection cache as good as HTTP efficient, increases data overhead and power consumption, even existing security measures will also be affected;
(3) SSL certificates need the money, the more powerful the higher cost certificates, personal sites, small sites generally do not use is not necessary.
(4) SSL certificate is usually required to bind IP, can not bind multiple domain names on the same IP, IPv4 resources are unlikely to support this consumption.
Encryption range (5) HTTPS protocol is relatively limited, in hacker attacks, denial terms of service attacks, hijacking and other servers will not achieve any effect almost. The most critical, SSL certificate credit chain system is not safe, especially in certain countries can control the CA root certificate, the man in the middle attacks as possible.
Learn more about: https://www.cnblogs.com/wqhwe/p/5407468.html