Explain the role and difference of HTTP and HTTPS

Source: Internet
Author: User

P.S.: HTTPS places an SSL layer between HTTP and TCP. This layer does two useful things: it prevents phishing and it encrypts traffic. Phishing is prevented through the website's certificate: the site must hold a certificate from a CA, which works much like a signature that can be decrypted. Encryption in turn requires a key exchange algorithm; both sides then encrypt and decrypt with the key they exchanged.

What is the difference between HTTP and HTTPS? This article provides a detailed explanation of the differences between HTTP and HTTPS.

Anyone who has used the Internet has come across "http". Every time you open a web page, whatever the URL, "http" appears at the front, as in "http://www.jzxue.com" or "http://62.135.5.7". And sometimes, when you open a site with high security requirements such as a bank, the prefix of the URL becomes "https". What do these two prefixes mean, and what do they do? I believe many users are not clear on this, so let me explain.

The full name of HTTP is Hypertext Transfer Protocol. Put simply, it is a protocol for transmitting text information over network links, and the web pages we look at every day are delivered with it. Why does "http://" appear every time you open a web page? The reason is simple: to fetch hypertext from the network, you must follow the hypertext transfer specification. Imagine you are a member of the "Heaven" society: when you meet another member, you first exchange a contact code such as "The earth shakes the high hillock, streams and hills splendid through the ages" and "The gate faces the sea, the river waters flow for ten thousand years", and only then do you start talking. The "http://" at the front of every page is that contact code: when the code is correct, you get the information you asked for.

After reading the explanation above, you probably know why "http" appears every time you open a web page. So why does the contact code sometimes become "https"?

The full name of HTTPS is Secure Hypertext Transfer Protocol. It is built on HTTP and adds SSL encryption for the information it transmits. Take the Heaven society example again. You may wonder how secure an organization can be when its contact code, "The earth shakes the high hillock, streams and hills splendid through the ages", is known to everyone: anyone who recites the code could learn the society's secrets. In fact that is not the case. If the society had relied for its security on a contact code that everyone knows, it would long since have been wiped out by the Qing soldiers, and there would be none of those legendary stories. Besides the contact code, members also spoke in slang that only members could understand, so even if a conversation between members leaked, nothing of substance was disclosed, because no outsider knew what the slang meant. HTTPS works the same way: it encrypts the hypertext it transmits with SSL, turning the plaintext into "slang", so that even if the transmitted information is captured, the person who captured it has no way of learning the actual content.

So the difference between HTTP and HTTPS is whether the transmitted content is encrypted or sent in the open. That is why the URLs you see beginning with https usually belong to sites such as bank websites.

Here are the concepts of HTTP and HTTPS.

What is HTTPS: HTTPS (Secure Hypertext Transfer Protocol).

It is a secure communication channel developed on the basis of HTTP and used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for the exchange; simply put, it is the secure version of HTTP. It was developed by Netscape and built into its browser to compress and decompress data and to return the results sent back over the network. HTTPS in effect applies Netscape's Secure Sockets Layer (SSL) as a sub-layer of the HTTP application layer. (HTTPS uses port 443, rather than port 80 as HTTP does, to communicate over TCP/IP.) SSL uses a 40-bit key for the RC4 stream encryption algorithm, which is appropriate for the encryption of business information. HTTPS and SSL support digital authentication, so the user can, if necessary, confirm who the sender is.

The differences between HTTPS and HTTP:

HTTPS requires applying to a CA for a certificate; free certificates are rare, so a fee is generally required.

HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure transport protocol encrypted with SSL.

HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.

An HTTP connection is simple and stateless.

HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and authentication, and it is more secure than HTTP.

Problems that HTTPS solves:

1. The problem of trusting the host. A server that uses HTTPS must apply to a CA for a certificate that certifies what the server is used for. The client trusts the host only when the certificate is used for the corresponding server. This is why the key parts of all banking websites now use HTTPS: the customer trusts the certificate and therefore trusts the host. This is in fact inefficient, but banks care more about security. For us this makes little difference: whether our server's certificate is self-issued or issued by a public authority, the client is also our own, so we will certainly trust the server.

2. Disclosure and tampering of data in the course of communication.

1) In the general sense, HTTPS means that the server has a certificate.

a) The main purpose is to ensure that the server is the server it claims to be. This is the same as point 1.

b) All communication between the server and the client is encrypted.

i. Specifically, the client generates a symmetric key and exchanges it using the server's certificate; this is the handshake process in the general sense.

ii. All information exchanged afterwards is encrypted. Even if a third party intercepts it, it is meaningless to them because they do not have the key, and so tampering is pointless as well.

2) The client must also have a certificate in cases where client authentication is required.

a) The client certificate is similar to a statement of personal information: in addition to the user name and password, there is an identity authenticated by a CA. A personal certificate generally cannot be imitated by others, so it further confirms the user's identity.

b) Currently a small number of professional editions of personal online banking do this; the certificate itself may be carried on a USB flash drive as a backup medium.

Key exchange algorithm

When using a symmetric encryption algorithm, key exchange is a big problem, so Diffie and Hellman put forward the famous Diffie-Hellman key exchange algorithm.

Diffie-Hellman key exchange algorithm principle:

(1) Alice and Bob determine two large primes $n$ and $g$; these two numbers are not confidential

(2) Alice selects another large random number $x$, and calculates $A$ as follows: $A = g^x \bmod n$

(3) Alice sends $A$ to Bob

(4) Bob selects another large random number $y$, and calculates $B$ as follows: $B = g^y \bmod n$

(5) Bob sends $B$ to Alice

(6) Calculate secret key $K_1$ as follows: $K_1 = B^x \bmod n$

(7) Calculate secret key $K_2$ as follows: $K_2 = A^y \bmod n$

$K_1 = K_2$, so Alice and Bob can use it for encryption and decryption.
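The seven steps above, carried through in Python as an added example (not code from the original article). The parameters `N` and `G` are toy values constructed for illustration, and `check_public`, which rejects degenerate values received from the peer, is an addition that goes beyond the steps listed.

```python
import secrets

# Toy public parameters, constructed for this example: 2**127 - 1 is prime,
# but far too small for real use (deployments use vetted groups of 2048+ bits).
N = 2**127 - 1
G = 3


def check_public(value, n=N):
    """Reject degenerate public values (0, 1, n-1, or out of range)."""
    if not 1 < value < n - 1:
        raise ValueError("public value outside the range 2..n-2")
    return value


def public_value(private, n=N, g=G):
    """Steps (2) and (4): A = g^x mod n, or B = g^y mod n."""
    return pow(g, private, n)


def shared_secret(private, peer_public, n=N):
    """Steps (6) and (7): K = peer_public^private mod n, after validation."""
    return pow(check_public(peer_public, n), private, n)


def new_private(n=N, g=G):
    """Pick a random private exponent in 2..n-2 whose public value is valid."""
    while True:
        x = secrets.randbelow(n - 3) + 2
        if 1 < public_value(x, n, g) < n - 1:
            return x


def exchange():
    """Run the whole exchange; returns what the wire carries and both keys."""
    x = new_private()                 # Alice's secret, never sent
    y = new_private()                 # Bob's secret, never sent
    a_pub = public_value(x)           # step (3): Alice -> Bob
    b_pub = public_value(y)           # step (5): Bob -> Alice
    k1 = shared_secret(x, b_pub)      # Alice's result
    k2 = shared_secret(y, a_pub)      # Bob's result
    return {"on_wire": (N, G, a_pub, b_pub), "k1": k1, "k2": k2}


if __name__ == "__main__":
    result = exchange()
    print("keys match:", result["k1"] == result["k2"])
```

Everything in `on_wire` is visible to an eavesdropper; only `x` and `y` stay private. The exchange by itself does not tell either side who the peer is, which is the job of the server certificate described earlier.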

The RSA encryption algorithm is based on the mathematical fact that two large primes are easy to multiply, while it is difficult to factor the resulting product. The encryption process is as follows:

(1) Select two large prime numbers $p$ and $q$

(2) Calculate $n = p \cdot q$

(3) Select a public key (encryption key) $e$ such that it is not a factor of $(p-1)$ and $(q-1)$

(4) Select the private key (decryption key) $d$ that meets the following condition: $(d \cdot e) \bmod (p-1)(q-1) = 1$

(5) When encrypting, the ciphertext $CT$ is computed from the plaintext $PT$ as follows: $CT = PT^e \bmod n$

(6) When decrypting, the plaintext $PT$ is computed from the ciphertext $CT$ as follows: $PT = CT^d \bmod n$

This is also a key exchange algorithm used in SSL.
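The RSA steps above as an added Python example (not code from the original article), using tiny textbook primes constructed for illustration. It goes slightly beyond step (3): the exact requirement on e is that it be coprime to (p-1)(q-1), and the code enforces that, since otherwise no d satisfying step (4) exists.

```python
from math import gcd


def make_keypair(p, q, e):
    """Steps (1)-(4): derive n and the private exponent d from p, q and e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # The exact requirement on e is gcd(e, phi) == 1. "Not a factor of
    # (p-1) and (q-1)" alone is not enough: e = 9 with p = 61, q = 53
    # divides neither 60 nor 52, yet shares the factor 3 with phi = 3120.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)   # modular inverse, so (d * e) mod phi == 1
    return (e, n), (d, n)


def encrypt(pt, public_key):
    """Step (5): CT = PT^e mod n. The plaintext must be smaller than n."""
    e, n = public_key
    if not 0 <= pt < n:
        raise ValueError("plaintext must be in the range 0..n-1")
    return pow(pt, e, n)


def decrypt(ct, private_key):
    """Step (6): PT = CT^d mod n."""
    d, n = private_key
    return pow(ct, d, n)


if __name__ == "__main__":
    # Constructed toy values; real keys use primes of 1024 bits or more
    # and a padding scheme on top of the raw operation shown here.
    public, private = make_keypair(61, 53, 17)
    ct = encrypt(65, public)
    print("public:", public, "private:", private)
    print("ciphertext:", ct, "decrypted:", decrypt(ct, private))
```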
