The difference between HTTP and HTTPS

What is HTTP?

Description of the MDN:

HTTP is a protocol (communication protocol) that can acquire network resources such as HTML. It is the basis for data exchange on the Web and is a client-server protocol, which means that requests are usually initiated by a recipient such as a browser. A complete Web document is usually made up of different subdocuments, such as text, layout descriptions, pictures, videos, scripts, and so on.

So what is HTTPS?

Description of Wikipedia:

HTTP security (HTTPS) is Hypertext transfer?? Protocol (HTTP) extension for secure communication over a computer network and is widely used in the Internet. ^{in HTTPS, the communication protocol is encrypted by Transport Layer Security (TLS) or the previous predecessor Secure Sockets Layer (SSL). Therefore, this Protocol is also commonly referred to as HTTP over TLS, or HTTP over SSL.}

First, the difference between HTTP and HTTPS

1. The URL of HTTP starts with/HTTP, and the HTTPS URL begins with https://;
2. HTTP does not require a certificate, and HTTPS requires a CA certificate;
3. HTTP is clear text transmission, HTTPS encrypted transmission;
4. Both HTTP and HTTPS are based on the TCP (and UDP) protocol, but HTTP uses TCP protocol 80 port and HTTPS uses TCP protocol 443 port;
5. HTTP direct and TCP communication, HTTP first and SSL communication, SSL and TCP communication.

HTTPS uses a hybrid encryption mechanism

Description of Baidu

• Public key encryption is also known as asymmetric key encryption, which uses two different keys: the encryption key and the secret key. The former public, also known as public key, referred to as the public key. The latter is confidential, also known as the private key, referred to as the private key. The two keys are mathematically related, and the information obtained by encrypting a user's encryption key can only be decrypted with that user's decryption key. The RSA algorithm (by the inventor Rivest,shmir and Adleman initials) is a well-known public key encryption algorithm.
• Another use of public key cryptography is authentication: information that is encrypted with the private key, which can be decrypted with a public key copy, which the recipient will see that the message does come from someone with a private key.
• The public key is in the form of a digital certificate.

• Symmetric encryption (also known as private key encryption) refers to encrypting and decrypting cryptographic algorithms that use the same key. Sometimes called a traditional cryptographic algorithm, the encryption key can be inferred from the decryption key, and the decryption key can also be inferred from the encryption key. In most symmetric algorithms, the encryption key and decryption key are the same, so the encryption algorithm is also called the secret key algorithm or single key algorithm. It requires the sender and receiver to agree on a key before communicating securely. The security of a symmetric algorithm relies on the key, which means that anyone can decrypt the message they send or receive, so the confidentiality of the key is critical to the security of the communication.

HTTPS uses a hybrid encryption mechanism, the client and the server first use the public key encryption algorithm to exchange the symmetric encryption algorithm key, to ensure that the key security exchange, the use of symmetric encryption algorithm for communication. HTTPS Workflow:

1. TCP three-time handshake;
2. The client verifies the server digital certificate, validates the pass, and proceeds to the next step; (If the client is configured for client-side authentication, the server can verify the identity of the client)
3. The DH algorithm negotiates the key of the symmetric encryption algorithm and the cryptographic key of the hash algorithm;
4. SSL Secure encrypted tunnel negotiation is completed;
5. The Web page is transmitted in an encrypted way, and the data security is ensured by using the negotiated symmetric encryption algorithm and key encryption.
6. The data integrity is protected by a negotiated hash algorithm to ensure that the data is not tampered with.

Second, HTTPS disadvantages

SSL slow (relative to HTTP):

• Slow communication;
• High hardware resource consumption results in slower processing times.

(At present hardware level can basically ignore above these two points)

HTTPS communication requires a CA certificate (most institutions charge) and does not ensure that the certificate of the digital certificate Authority must be secure.

The difference between HTTP and HTTPS