Differences between HTTP and https

Adding https: // prefix before the URL indicates that SSL encryption is used. It is safer to transmit and receive information between your computer and the server. To enable SSL for a Web server, you need to obtain a server certificate and bind the certificate to the server that uses SSL. HTTP and HTTPS use completely different connection methods and different ports. The former is 80, and the latter is 443. .

HTTPS is a network protocol built by SSL + HTTP for encrypted transmission and identity authentication.
More secure than HTTP

HTTPS (Secure Hypertext Transfer Protocol) Secure Hypertext Transfer Protocol
It is a secure communication channel developed based on HTTP and used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for information exchange. In short, it is a secure version of HTTP.
It is developed by Netscape and built in its browser. It is used to compress and decompress data and return the results of network upload and return. HTTPS actually applies Netscape's secure full Socket Layer (SSL) as the child layer of the HTTP application layer. (HTTPS uses port 443 instead of using port 80 as HTTP to communicate with TCP/IP .) SSL uses 40-bit keywords as RC4 Stream Encryption Algorithm This is suitable for business information encryption. HTTPS and SSL support X.509 digital authentication. If necessary, you can confirm who the sender is.
Differences between HTTPS and http:
For HTTPS protocol, you need to apply for a certificate from the ca. Generally, there are few free certificates and you need to pay the fee.
HTTP is Hypertext Transfer Protocol, information is transmitted in plaintext, and HTTPS is a secure SSL encrypted transmission protocol.
HTTP and HTTPS use completely different connection methods with different ports, the former is 80, and the latter is 443.
The HTTP connection is simple and stateless.
HTTPS is a network protocol built by the SSL + HTTP protocol that supports encrypted transmission and identity authentication, which is more secure than HTTP.
Problems solved by https:
1. questions about trusted hosts. an https server must apply for a certificate from the CA to prove the purpose of the server. the client trusts the host only when the certificate is used for the corresponding server. therefore, the key applications of all banking system websites are HTTPS. the customer trusts the host by trusting the certificate. in fact, this is very inefficient, but banks are more focused on security. this does not make any sense to us. Our server adopts certificates, no matter whether it is our own issue or issue from the public, the client is our own, so we certainly trust the server.
2. Data leaks and tampering during communication
1. In general, https means that the server has a certificate.
A) The main purpose is to ensure that the server is the server he claims. This is the same as that in section 1.1.
B) All communications between the server and the client are encrypted.
I. Specifically, the client generates a symmetric key and exchanges the key through the server certificate. In the general sense, the handshake process.
Ii. All the added information is encrypted. Even if a third party intercepts the information, it makes no sense because it does not have a key. Of course, tampering is meaningless.
2. If you have a few requirements on the client, the client must also have a certificate.
A) The client certificate is similar to a ca-authenticated identity in addition to the user name and password. the individual certificate is generally not simulated by others, so that you can further confirm your identity.
B) at present, this is the practice of Professional edition of a few individual banks. The specific certificate may be using a USB flash disk as a backup carrier.
HTTPS must be cumbersome.
A) The original simple http protocol, a get and a response. Because HTTPS needs to restore the key and confirm the encryption algorithm, a single handshake requires 6/7 round trips.
I. In any application, too many round trips will definitely affect the performance.
B) The next step is the specific HTTP protocol. Each response or request requires the client and server to encrypt/decrypt the session content.
I. although the efficiency of symmetric encryption/decryption is relatively high, it still consumes too much CPU. Therefore, it has a dedicated SSL chip. if the CPU signal can be relatively low, it will definitely reduce the performance and thus cannot serve more requests.
Ii. Data size after encryption. Therefore, so many security authentication prompts will appear.