The main difference between HTTPS and HTTP as follows:
1, https protocol ca need to apply for a certificate, generally less free certificates, thus requiring a fee.
2, http is the hypertext transfer protocol, information is transmitted in the clear, https is encrypted with a security ssl transfer protocol.
3, http and https use is completely different connections, with the port are not the same, the former is 80, which is 443.
4, http connection is very simple, is stateless; is constructed by the HTTPS protocol SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security.
The following are some of the specific analysis
First, the basic concepts of HTTP and HTTPS
HTTP: is the Internet's most widely used network protocol, a client and a server-side request and response standard (TCP), hypertext transfer protocol for transmission from the WWW server to the local browser, it can make browsing It is more efficient, so that network traffic is reduced.
HTTPS: HTTP is safe for the target channel, simply, is a safe version of HTTP, HTTP added SSL layer, HTTPS security infrastructure is SSL, encryption and therefore the details will need to SSL.
The main role of the HTTPS protocol can be divided into two types: one is to establish a channel of information security, to ensure the security of data transmission; the other is to confirm the authenticity of the site.
Two , HTTP and HTTPS main features and workflow
HTTP Features
1. Supports client / server model. (C / S mode)
2. simple and fast: a customer service request to the server, instead of sending the request method and path. Request method commonly used GET, HEAD, POST. Each method provides a different type of client contacts the server. Due to the simple HTTP protocol, HTTP server makes the program a small scale, so the communication is very fast.
3. Flexible: HTTP allows the transmission of any type of data object. It is the type of transmission being marked by Content-Type.
4. No connection: Meaning No limitation is attached only one request per connection. After the server processes client requests and receives the customer's response, i.e., disconnected. In this way it can save transmission time.
5. stateless: HTTP protocol is stateless protocol. No state is no protocol for transaction processing and memory. If the lack of state means that the subsequent processing required in front of the information, it must be retransmitted, which may result in the amount of data transmitted for each connection is increased. On the other hand, when the server does not require previous information in its response to fast
HTTP workflow
The first step: the establishment of TCP / IP connection, the client and the server are connected via three-way handshake Socket
Step two: The client sends an HTTP request to the server (for example: POST / login.html http / 1.1)
The third step: the client sends a request headers, request content, and finally sends a blank line, marking completion of client requests
The fourth step: to make the server response represents a response to the client request, for example: HTTP / 1.1 200 OK
Step Five: The server sends a reply message to the client head
Step 6: After the server sends a request to the client header information, also sends a blank line, marking the first response message is sent, and then send the data to the data format required to Content-type to the client
Step Seven: the server closes the TCP connection, if the server or the client increases Connection: keep-alive, says the client and the server continues to save the connection, you can continue to use this connection when the next request
HTTPS Features
HTTPS is a modified HTTP protocol, which encrypt data and ensure its confidentiality. Its configuration can protect the user when interacting with sites from stealing personal information and billing data.
1, the advantages
Compared to http, https can provide better confidentiality of information, ensure the security of user data, in addition to https while protecting the server is also to some extent, greatly improve the use of disguised malicious attacks and data costs.
2, shortcomings
Disadvantages are also obvious, high technical threshold https first, most difficult to support individual or private website, a certificate issued by a CA is required annual fee, in addition to docking Https agreement also requires additional technical support; Second, the current for most sites do not care about the security and confidentiality of data, its biggest advantage https it is not suitable; Third, https increased the burden on the service side, compared to http their needs more resources to support, but also reduces the user's access speed; fourth, there is still large-scale use Http Web site, the browser side is also not particularly big difference, if many users do not care do not perceive.
HTTPS workflow
The first step: customers use https URL to access the Web server requires an SSL connection to the Web server.
Step Two: After the Web server receives a client request, the certificate information will be the site (the certificate contains the public key) transmit a copy to the client.
The third step: the client browser and the Web server security level began to negotiate SSL connection, which is encrypted information level.
Step four: Client browser, depending on the security level agreed to establish a session key, and then use the site's public key to encrypt the session key and send it to the site.
Step five: Web Server to use their private key to decrypt the session key.
Step Six: Web Server using the communication between the client and the encrypted session key.
Finally, say, Ali goes on ssl certificate you can apply for a free one year
Note: This blog is intended to record, without any commercial, if violated, please contact bloggers ([email protected]) Delete!