Similarities and differences between HTTP and HTTPS / Differences between HTTP 1.0 and HTTP 1.1

Source: Internet
Author: User

HTTP Status Codes

Category | Meaning | Description
1XX | Informational | The server has received the request and requires the requester to continue the operation
2XX | Success | The operation was successfully received and processed
3XX | Redirection | Further action is required to complete the request
4XX | Client error | The request contains a syntax error or cannot be completed
5XX | Server error | The server encountered an error while processing the request

Common Status Codes

Status Code | Status Message | Description
200 | OK | The request was processed correctly
301 | Moved Permanently | The content has been moved to the host indicated in the Location header
400 | Bad Request | The server does not understand the request
403 | Forbidden | Access to the requested file is not authorized
404 | Not Found | The server could not find the requested resource
501 | Not Implemented | The server does not support the requested method
505 | HTTP Version Not Supported | The server does not support the requested version

I. Basic concepts of HTTP and HTTPS

  HTTP: one of the most widely used network protocols on the Internet. It is a standard (over TCP) for client and server requests and responses, used to transfer hypertext from a WWW server to a local browser.
HTTP transmits information in clear text, so there is a risk of eavesdropping, tampering and hijacking. The TLS/SSL protocol provides authentication, encryption and integrity checking, which avoids these problems.
  HTTPS (Hypertext Transfer Protocol over Secure Socket Layer): an HTTP channel designed for security, in short the secure version of HTTP (HTTPS = HTTP + SSL). An SSL layer sits under HTTP, and SSL is the security basis of HTTPS, so the details of the encryption lie in SSL.
  Functions of the HTTPS protocol
1. Establish a secure channel to protect data in transit;
2. Confirm the authenticity of the website.

The main differences between HTTPS and HTTP are as follows:

1, HTTPS requires applying to a CA for a certificate; free certificates are generally rare, so there is a certain cost.

2, HTTP is the Hypertext Transfer Protocol and transmits information in plaintext; HTTPS is a secure transfer protocol encrypted with SSL.

3, HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.

4, An HTTP connection is very simple and stateless; HTTPS is a network protocol built from HTTP + SSL that provides encrypted transmission and authentication, and is more secure than HTTP.

III. The HTTPS encryption process


1. Client initiates the HTTPS request
The user enters an HTTPS URL in the browser, which then connects to port 443 of the server.

2. Server-side configuration
A server that uses HTTPS must have a digital certificate, which it can create itself or apply for from an organization. The certificate is in effect a pair of public and private keys.

3. Transferring the certificate
The certificate is essentially the public key, but it also contains a lot of other information, such as the certificate authority and the expiration time.

4. Client parses the certificate
This work is done by the client's TLS implementation. It first verifies that the public key is valid (the issuing authority, the expiration time, and so on); if a problem is found, a warning box pops up saying that there is a problem with the certificate. If the certificate is fine, a random value is generated and then encrypted with the certificate.

5. Transferring the encrypted random value
This step transmits the random value encrypted with the certificate. The purpose is to give the server this random value, so that later communication between the client and the server can be encrypted and decrypted with it.

6. Server decrypts the information
After decrypting with its private key, the server obtains the random value (private key) sent by the client and then symmetrically encrypts the content with this value. Symmetric encryption combines the information and the private key through an algorithm so that the content cannot be obtained unless the private key is known, and this private key is known to both the client and the server.

7. Transferring the encrypted information
This is the information the server has encrypted with the private key; it can be restored on the client.

8. Client decrypts the information
The client uses the previously generated private key to decrypt the information sent by the server and obtains the decrypted content. Throughout the process, a third party who intercepts the data can do nothing with it.
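
The exchange in steps 4 to 8, as an added example that is not part of the original article: textbook RSA with tiny constructed primes and a SHA-256 keystream stand in for the real TLS algorithms, and all function names are hypothetical. It models only the key transport described above and omits certificate validation.

```python
import hashlib
import hmac
import secrets

# Step 2 (server side): toy RSA key pair built from two known Mersenne primes.
# Constructed for illustration and far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the server

def client_wrap_secret(n, e):
    """Steps 4-5: the client picks a random value and encrypts it for the server."""
    secret = secrets.randbits(128)
    return secret, pow(secret, e, n)

def server_unwrap_secret(wrapped):
    """Step 6: only the holder of D recovers the random value."""
    return pow(wrapped, D, N)

def _subkey(secret, label):
    # Separate keys for encryption and integrity, both derived from the secret.
    return hashlib.sha256(label + secret.to_bytes(16, "big")).digest()

def _xor_stream(key, data):
    # Toy stream cipher: SHA-256 in counter mode, XORed over the data.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(secret, plaintext):
    """Steps 6-7: symmetric encryption plus an integrity tag."""
    body = _xor_stream(_subkey(secret, b"enc"), plaintext)
    return body + hmac.new(_subkey(secret, b"mac"), body, hashlib.sha256).digest()

def open_sealed(secret, blob):
    """Step 8: verify the tag, then decrypt; a modified message raises ValueError."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(secret, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _xor_stream(_subkey(secret, b"enc"), body)
```

An observer on the wire sees only the wrapped value and the sealed bytes; without D or the random value, `open_sealed` cannot produce the plaintext, and any modification in transit fails the tag check.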

  
  

IV. When should HTTPS be used? Disadvantages?

Bank websites, payment gateways, shopping sites, landing pages, e-mail, and some enterprise department sites should use HTTPS.

Disadvantages

(1) The HTTPS handshake phase is time-consuming; it increases page load time by nearly 50% and power consumption by 10% to 20%;

(2) HTTPS connection caching is less efficient than HTTP, which increases data overhead and power consumption, and even existing security measures will be affected;

(3) SSL certificates cost money, and the more powerful the certificate, the higher the cost; personal and small websites generally do not use one unless necessary.

HTTP 1.0 and HTTP 1.1

1, HTTP 1.1 supports persistent connections and request pipelining

HTTP 1.0 specifies that the browser and the server keep only a brief connection: each browser request needs its own TCP connection to the server, and the server closes the TCP connection immediately after processing the request. The server does not track clients and does not record past requests.

HTTP 1.1 supports persistent connections: multiple HTTP requests and responses can be sent over one TCP connection, reducing the cost and latency of opening and closing connections.
HTTP 1.1 also allows the client to send the next request without waiting for the result of the previous one, but the server must send back the responses in the order in which it received the requests, so that the client can match each response to its request. This also significantly reduces the time required for the whole download.

2, HTTP 1.1 adds the Host field

In HTTP 1.0, each server is assumed to be bound to a unique IP address, so the URL in the request message does not carry a host name (hostname). However, with the development of virtual hosting, multiple virtual hosts (multi-homed web servers) can exist on one physical server and share an IP address.

HTTP 1.1 request and response messages should both support the Host header field, and a request message without a Host header field is reported as an error ("Bad Request"). In addition, the server should accept resource requests marked with an absolute path.

HTTP 1.1 also provides request and response headers related to mechanisms such as authentication, state management, and caching.
  

3, 100 (Continue) status (saves bandwidth)

HTTP/1.1 added a new status code, 100 (Continue). The client first sends a request containing only the header fields. If the server rejects the request for permission reasons, it sends back response code 401 (Unauthorized); if the server accepts the request, it sends back response code 100 and the client can go on to send the full request with the entity. The 100 (Continue) status code lets the client probe the server with the request headers before sending the request body, see whether the server is willing to receive the body, and then decide whether to send it.
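
The three HTTP 1.1 behaviours above (persistent connections with pipelining, the mandatory Host field, and the 100 (Continue) probe) as an added example that is not part of the original article. It is a minimal decision function over request heads; the function names, the `authorized` flag and the sample host names are hypothetical.

```python
SUPPORTED = {"HTTP/1.0", "HTTP/1.1"}

def parse_head(head):
    """Split one request head into (method, target, version, headers)."""
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers

def decide(head, authorized=True):
    """Return (status, keep_connection_open) for one request head."""
    try:
        _method, _target, version, headers = parse_head(head)
    except ValueError:
        return 400, False                  # malformed request line
    if version not in SUPPORTED:
        return 505, False                  # HTTP version not supported
    if version == "HTTP/1.0":
        return 200, False                  # 1.0: one request per connection
    if "host" not in headers:
        return 400, False                  # 1.1 requires the Host field
    keep = headers.get("connection", "").lower() != "close"
    if headers.get("expect", "").lower() == "100-continue":
        # Headers-only probe: tell the client whether to send the body.
        # Design choice here: close on 401 rather than read an unwanted body.
        return (100, keep) if authorized else (401, False)
    return 200, keep

def serve_pipelined(buffer):
    """Answer body-less requests that arrived back to back on one connection,
    in arrival order, stopping once the connection must close."""
    statuses = []
    for head in filter(None, buffer.split(b"\r\n\r\n")):
        status, keep = decide(head)
        statuses.append(status)
        if not keep:
            break
    return statuses
```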

http://www.frankyang.cn/2017/04/19/http-https/
