HTTP protocol differs from HTTPS

Remember before an interview was asked: ' Explain HTTP and https ', I remember the answer is that it is two different protocols, the HTTPS protocol is relatively safe, but was asked why I was hehe, here are some of the information I found on the Internet.

The concept of HTTPS and HTTP

HTTPS (full name: Hypertext Transfer Protocol over secure Socket Layer) is a security-targeted HTTP channel and is simply a secure version of HTTP. That is, the SSL layer is added under HTTP, the security base of HTTPS is SSL, so the detailed content of encryption needs SSL. It is a URI scheme (abstract identifier system) with syntax similar to http: System. For secure HTTP data transfer. Http:url indicates that it uses HTTP, but HTTPS has a different default port than HTTP and an encryption/authentication layer (between HTTP and TCP). The initial development of the system, conducted by Netscape, provides an authentication and encryption method of communication, which is now widely used in security-sensitive communications on the World Wide Web, such as transaction payments.

The Hypertext Transfer Protocol (Http-hypertext Transfer Protocol) is a rule that specifies the communication between the browser and the World Wide Web server, transmitting the data transfer Protocol of the World Wide Web document over the Internet.

• The difference between HTTPS and http:

  The HTTP protocol requires a certificate to be applied to the CA, and the general free certificate is very small and requires a fee. HTTP is a Hypertext Transfer Protocol, the information is clear-text transmission, HTTP is a secure SSL encryption transport protocol HTTP and HTTP using a completely different connection mode with the port is not the same, the former is 80, the latter is 443. HTTP connection is very simple, is a stateless HTTPS protocol is built by the SSL+HTTP protocol can be encrypted transmission, authentication network protocol than the HTTP protocol security HTTPS resolved problem: 1. The problem of trusting the host. Servers that use HTTP must request a certificate from the CA to prove the type of server usage. The client trusts the secondary host only when the certificate is used for the corresponding server. So now all the banking system website, the key part of the application is HTTP. The client trusts the host by trusting the certificate. In fact, this is inefficient, but banks are more focused on security. This does not make any sense to us, our server, the use of certificates regardless of their own issue or from the public place issue, the client is one of our own, so we will certainly trust the SERVER.2. The data in the communication process is compromised and tampered with 1. HTTP in general means that the server has a certificate. A) The main purpose is to ensure that server is the server he claims to be. This is the same as the 1th. B) All communications between the server and the client are encrypted. Specifically, the client generates a symmetric key that is exchanged through the server's certificate. The general handshake process. II. All information exchanged is encrypted. A third party, even if intercepted, does not make any sense. Because he doesn't have a key. Of course there is no point in tampering. 2. A small number of requests to the client will require that the client also have a certificate. A) Here the client certificate, in fact, similar to the personal information, in addition to the user name/password, there is a CA authenticated identity. Should be a personal certificate in general, others can not be simulated, all this will be able to further confirm their identity. B) At present a small number of personal banking Professional Edition is this practice, the specific certificate may be a USB flash drive as a backup carrier. HTTPS must be cumbersome. A) The original simple HTTP protocol, A get one response. Due to the need for HTTP to also encrypt the key and confirm the encryption algorithm. A single handshake requires 6/7 round trips. In any application, too much round trip must affect performance. b) The next is the specific HTTP protocol, each response or request requires the client and the server to encrypt/decrypt the contents of the session. I. Although symmetric encryption/decryption efficiency is higher, but still consumes too much CPU, for this there is a special SSL chip. If the CPU signal is low, it will certainly degrade performance, thus not serve more requests. Ii. The effect of the amount of data after encryption. So, there are so many security certification tips

• What impact does HTTPS website have on Baidu and Google seo?

  From the "site" we can see Baidu only included HTTP, although did 301 jump, Google is included in 2 different versions of the page, it is clear that the main domain name is the version. Also included in the situation is greatly unused. And look at what they're doing in the search results.

  Google SERP 28

  Baidu SERP 500 ...

  Now it's clear that HTTP has no effect on Google, whether it's ranked or indexed. But in Baidu is obviously not feasible, completely does not include the HTTP site, let alone rankings. If Baidu did not find your HTTP version, that is: Sorry, did not find the "XX" related pages, even if it is done 301, but a 301 of the page to do with what has been optimized rival website competition?

  Sometimes a website has to use the encryption protocol because of the business requirements and other innate conditions.

  Your main market SE does not support HTTP that's all in vain. So it's best to know what the target se is, like Google so you can ignore it.

  But what about Baidu?

  How to deal with or avoid this situation to ignore.

  One, directly copy an HTTP version, HTTP Home 301 to HTTP

  such as some special website, after landing display encrypted content if referring to the first page, you can copy a home page in the directory, all call this directory, there is a need to be able to screen out the robots file.

  Second, the site inside and outside the link consistent use of HTTP, there is a need to be able to modify the previous link.

  Third, se re-recognition

HTTP protocol differs from HTTPS