Talking about HTTP and HTTPS

The Hypertext Transfer Protocol HTTP protocol is used to pass information between a Web browser and a Web server, the HTTP protocol sends content in plaintext, does not provide data encryption in any way, and if an attacker intercepts a transmission message between a Web browser and a Web server, it can read the information directly, so HTTP protocol is not suitable for transmitting some sensitive information, such as credit card number, password and other payment information.

In order to solve this flaw of the HTTP protocol, we need to use another protocol: Secure Sockets Layer Hypertext Transfer Protocol HTTPS, in order to secure the data transmission, HTTPS on the basis of HTTP added SSL protocol, SSL relies on certificates to verify the identity of the server, and encrypt the communication between the browser and the server.

I. Basic concepts of HTTP and HTTPS

HTTP: Is the most widely used Internet protocol, is a client and server-side request and response Standard (TCP), used to transfer from the WWW server hypertext to the local browser of the transport protocol, it can make the browser more efficient, so that network transmission reduced.

HTTPS: is a security-targeted HTTP channel, simply speaking is the security version of HTTP, that is, HTTP under the SSL layer, HTTPS security base is SSL, so the details of encryption requires SSL.

The main role of HTTPS protocol can be divided into two kinds: one is to establish an information security channel to ensure the security of data transmission, the other is to confirm the authenticity of the website.

Second, what is the difference between HTTP and HTTPS?

The data transmitted by the HTTP protocol is unencrypted, which is plaintext, so it is very unsafe to transmit private information using the HTTP protocol, so that the privacy data can be encrypted for transmission, so Netscape Designs SSL (Secure Sockets Layer) protocol is used to encrypt the data transmitted by the HTTP protocol, resulting in the creation of HTTPS. In simple terms, the HTTPS protocol is a network protocol built by the SSL+HTTP protocol for encrypted transmission and authentication, which is more secure than the HTTP protocol.

The main differences between HTTPS and HTTP are as follows:

1, the HTTPS protocol requires a certificate to the CA, generally less free certificate, and therefore a certain cost.
2, HTTP is a Hypertext Transfer Protocol, the information is plaintext transmission, HTTPS is a secure SSL encryption Transfer protocol.
3, HTTP and HTTPS use a completely different way of connection, with the same port, the former is 80, the latter is 443.
4, the HTTP connection is very simple, is stateless; The HTTPS protocol is a network protocol built by the SSL+HTTP protocol for encrypted transmission and authentication, which is more secure than the HTTP protocol.

Third, the working principle of HTTPS

Talking about HTTP and HTTPS