HTTPS (Secure hypertext Transfer Protocol) Secure Hypertext Transfer Protocol It is a secure communication channel that is based on HTTP development and is used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for information exchange, which simply means that it is a secure version of HTTP. It is developed by Netscape and built into its browser to compress and decompress data and return the results that are sent back on the network.
HTTPS actually applies the Netscape secure full Socket Layer (SSL) as a sub-layer of the HTTP application layer. (HTTPS uses port 443 instead of using port 80来 and TCP/IP to communicate like HTTP.) SSL uses 40-bit keywords as the RC4 stream encryption algorithm, which is appropriate for the encryption of business information. HTTPS and SSL support use X. 509 digital authentication, if necessary, the user can confirm who the sender is.
Second, HTTPS
HTTPS (hypertext Transfer Protocol The over Secure Socket Layer, SSL-based HTTP protocol) uses the HTTP protocol, but HTTPS uses a different default port than the HTTP protocol and an encryption, authentication layer (between HTTP and TCP). The initial development of this Protocol, conducted by Netscape, provides an authentication and encryption method of communication, which is now widely used for security-sensitive communications on the Internet. step ,.
- The client accesses the Web server using the HTTPS URL and requires an SSL connection with the Web server.
- When a Web server receives a client request, it sends a copy of the Web site's certificate information (the certificate contains the public key) to the client.
- The client's browser and Web server begin to negotiate the security level of the SSL connection, which is the level of information encryption.
- The client's browser establishes a session key based on both agreed security levels, and then encrypts the session key using the Web site's public key and transmits it to the Web site.
- The Web server decrypts the session key with its own private key.
- The Web server uses the session key to encrypt communication with the client.
the difference between HTTPS and http:
- The HTTPS protocol requires a certificate to be applied to the CA, and the general free certificate is very small and requires a fee.
- HTTP is a Hypertext Transfer Protocol, the information is clear-text transmission, HTTPS is a security SSL encryption transport protocol HTTP and HTTPS using a completely different connection mode with the port is not the same: the former is 80, the latter is 443.
- HTTP connection is simple, is a stateless HTTPS protocol is built by the SSL+HTTP protocol can be encrypted transmission, authentication network protocol is more secure than the HTTP protocol.
- HTTPS resolves the issue:
1, trust the host problem. Server with HTTPS must request a certificate from the CA that is used to certify the server's purpose type.
The client trusts this host only when the certificate is used for the corresponding server. So at present, all the banking system website, the key part of the application is HTTPS. The client trusts the host by trusting the certificate. In fact, this is inefficient, but banks are more focused on security. This does not make any sense to us, our server, the use of certificates regardless of their own issue or from the public place issue, the client is one of our own, so we will certainly trust the server.
Description of SSL:
SSL is a security-confidentiality protocol presented by Netscape companies in browsers such as Internet Explorer, Netscape Navigator, and Web servers such as Netscape Enterprise server for Netscape, ColdFusion server and so on) to construct a secure channel for data transmission,SSL runs above the TCP/IP layer, under the application layer, to provide encrypted data channel for the application, it uses encryption algorithms such as RC4, MD5, and RSA, using 40-bit keys, For encryption of business information.
At the same time, Netscape company developed the HTTPS protocol and built in its browser, HTTPS is actually SSL over HTTP, it uses the default port 443, instead of using port 80来 and TCP/IP to communicate like HTTP. The HTTPS protocol uses SSL to encrypt the original data in the sender, then decrypt the receiver, and the encryption and decryption require the sender and receiver to exchange the common known key, so the transmitted data is not easily intercepted and decrypted by the network hacker.
However, the encryption and decryption process requires a large amount of overhead on the system, severely reducing the performance of the machine, and the relevant test data indicates that the efficiency of data transfer using the HTTPS protocol is only one-tenth of the HTTP protocol.
If for security purposes, all Web applications of a website are SSL-enabled to encrypt and transmit using the HTTPS protocol, then the performance and efficiency of the site will be greatly reduced, and it is not necessary because generally not all data are required to be so high level of security, so, We only need to use the HTTPS protocol for interactive processing involving confidential data, so that we can get the best of both worlds. In short, do not need to use the place of HTTPS, try not to use.
The difference between HTTP and HTTPS