HTTP VS HTTPS

Source: Internet
Author: User

An https:// prefix on a URL indicates that SSL encryption is used, which makes it safer to transmit and receive information between your computer and the server. To enable SSL on a web server, you need to obtain a server certificate and bind it to the server that uses SSL.

HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication.
It is more secure than HTTP.

HTTPS (Secure Hypertext Transfer Protocol)
It is a secure communication channel built on HTTP and used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for the information exchange. In short, it is a secure version of HTTP.
It was developed by Netscape and built into its browser, where it is used to compress and decompress data and to return the results sent back over the network. HTTPS actually uses Netscape's Secure Socket Layer (SSL) as a sublayer of the HTTP application layer. (HTTPS uses port 443, rather than port 80 as HTTP does, to communicate over TCP/IP.) SSL uses the RC4 stream encryption algorithm with a 40-bit key, which is suitable for business information encryption. HTTPS and SSL support X.509 digital authentication, so you can confirm who the sender is if necessary.
Differences between HTTPS and HTTP:
For the HTTPS protocol, you need to apply for a certificate from a CA. Free certificates are generally rare, so you usually need to pay a fee.
HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure, SSL-encrypted transmission protocol.
HTTP and HTTPS use completely different connection methods and different ports: the former uses 80 and the latter uses 443.
The HTTP connection is simple and stateless.
HTTPS is a network protocol built from SSL + HTTP that supports encrypted transmission and identity authentication, which makes it more secure than HTTP.


Problems solved by HTTPS:


1. The question of trusted hosts.

An HTTPS server must apply for a certificate from a CA to prove what the server is used for. The client trusts the host only when the certificate is used for the corresponding server. This is why the key applications of all banking websites use HTTPS: the customer trusts the host by trusting the certificate. In fact, this is very inefficient, but banks are more focused on security. This does not matter in our case: whether our server's certificate is issued by ourselves or by a public CA, the client is also our own, so we certainly trust the server.


 

2. Data leaks and tampering during communication


1. In general, HTTPS means that the server has a certificate.
A) The main purpose is to ensure that the server is the server it claims to be. This is the same as in section 1.1.
B) All communication between the server and the client is encrypted.
I. Specifically, the client generates a symmetric key and exchanges it using the server certificate. This is what is generally called the handshake process.
II. All subsequent information is encrypted. Even if a third party intercepts it, the information is meaningless to them because they do not have the key. Tampering is likewise pointless.


2. If there are also some requirements on the client, the client must have a certificate as well.
A) The client certificate acts as a CA-authenticated identity in addition to the user name and password. Because a personal certificate generally cannot be imitated by others, it further confirms the user's identity.
B) At present, this is the practice of the professional edition of a few individual banks. The certificate itself may use a USB flash disk as a backup carrier.
HTTPS is inevitably cumbersome.
A) Plain HTTP is simple: a GET and a response. Because HTTPS has to establish the key and agree on the encryption algorithm, a single handshake requires 6/7 round trips.
I. In any application, too many round trips will definitely affect performance.
B) Next comes the HTTP exchange itself. Each request and response requires the client and server to encrypt/decrypt the session content.
I. Although symmetric encryption/decryption is relatively efficient, it still consumes a lot of CPU, which is why dedicated SSL chips exist. If CPU performance is relatively low, performance will definitely drop, so that no more requests can be sent to the server.
II. Data size after encryption. Therefore, so many security authentication prompts will appear.
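
The two certificate checks described above (the client verifying the server's certificate, and the server requiring a certificate from the client), shown as TLS settings with a weak variant beside the hardened one and a small audit that also flags RC4 and export-grade cipher suites. This is an added example using Python's standard ssl module, not code from the original page; the function names and the optional CA-file parameters are assumptions made for illustration.

```python
import ssl

def hardened_client_context(ca_file=None):
    """Client side: verify the server certificate chain and its hostname."""
    # ca_file: hypothetical path to a private CA bundle; None uses the system store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_client_context():
    """Traffic is encrypted, but any certificate is accepted, so the
    client has no proof that the server is the one it claims to be."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def mtls_server_context(client_ca_file=None):
    """Server side: reject any client that does not present a certificate.
    A real server also calls load_cert_chain() with its own cert and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_ca_file:               # hypothetical CA that issued the client certs
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx

def audit(ctx, is_client=True):
    """Return a list of weaknesses found in an SSLContext's settings."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if is_client and not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    legacy = [c["name"] for c in ctx.get_ciphers()
              if "RC4" in c["name"] or c["name"].startswith("EXP-")]
    if legacy:
        findings.append("legacy ciphers enabled: " + ", ".join(legacy))
    return findings

if __name__ == "__main__":
    print("hardened client:", audit(hardened_client_context()))
    print("weak client:    ", audit(weak_client_context()))
    print("mTLS server:    ", audit(mtls_server_context(), is_client=False))
```

When the client and server are both your own, passing your private CA as ca_file keeps verification on while trusting only certificates you issued.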

 

NOTES:

1. The Secure Socket Layer was developed by Netscape to ensure the security of data transmission over the Internet. It uses encryption technology to ensure that data is not intercepted or eavesdropped on during network transmission.

2. HTTPS, developed by Netscape and built into its browser, is used to compress and decompress data and to return the results sent back over the network. HTTPS actually uses Netscape's Secure Socket Layer (SSL) as a sublayer of the HTTP application layer. SSL uses the RC4 stream encryption algorithm with a 40-bit key, which is suitable for business information encryption. HTTPS and SSL support X.509 digital authentication, so you can confirm the identity of the sender if necessary.
