The difference between HTTP and HTTPS

Source: Internet
Author: User

InURLFront plushttps://the prefix indicates that it is usedSSLencrypted. The transmission of information between your computer and the server will be more secure. WebServer enabledSSLYou need to obtain a server certificate and use the certificate with theSSLserver bindings. httpand theHTTPSuse a completely different way of connecting,the ports used are not the same,the former is,the latter is443.

HTTPS protocol is a Network protocol constructed by the SSL+HTTP protocol which can encrypt transmission and authentication, which is more secure than HTTP protocol.

HTTPS(securehypertext Transfer Protocol) Secure Hypertext Transfer Protocol

It is a secure communication channel that is based on HTTP development and is used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for information exchange, which simply means that it is a secure version of HTTP.

It is made up ofNetscapedeveloped and built into its browser for compressing and decompressing data and returning the results that are sent back on the network. HTTPShas actually appliedNetscapesecure full-socket Layer (SSL) asHTTPthe child layer of the application layer. (HTTPSusing Ports443, and not likeHTTPuse ports like that theCome andTCP/IPfor communication. )SSLUse +bit keyword asRC4stream encryption algorithm, which is appropriate for the encryption of business information. HTTPSand theSSLsupport for using thedigital authentication, and if necessary, the user can confirm who the sender is.

the difference between HTTPS and HTTP :

The HTTPS protocol requires a certificate to be applied to the CA , and the general free certificate is very small and requires a fee.

HTTP is a Hypertext Transfer Protocol, the information is plaintext transmission,HTTPS is a secure SSL Encryption transport protocol .

HTTP and HTTPS use a completely different way of connecting the port is not the same , the former is the first , the latter is 443 .

The HTTP connection is simple and stateless.

HTTPS protocol is a Network protocol built by Ssl+http protocol which can encrypt transmission and authentication, which is more secure than HTTP protocol .

HTTPS resolves the issue:

1.problems trusting the host. AdoptHTTPSof theServermust be fromCAapply for a certificate that proves the type of server use. Change the certificate only for the correspondingServerthe time,Customer Trust Secondary host. so now all the banking system websites,key parts of the application areHTTPSof the. The customer trusts the certificate,and trusted the host.. Actually, this is inefficient.,But banks are more focused on security. that doesn't make any sense to us .,of ourServer,use of the certificate regardless of their ownIssueor from a public place?issue,the client is one of ours .,so we're sure to trust that, too .server.

2. disclosure and tampering of data in the course of communication

1. in general , HTTPS means that the server has a certificate .

A) The main purpose is to ensure that server is the server he claims to be . this is the same as 1th . .

b) all communication between the server and the client is encrypted .

I. specifically , The client generates a symmetric key that is exchanged through the server 's certificate . the handshake process in the general sense .

II. All information exchanged is encrypted . third parties even intercept , It doesn't make any sense . . because he doesn't have a key. .  of course, there's no point in tampering. .

2. A small amount of client-side requirements , the client will also be required to have a certificate .

A)   Here client certificate except user name / password ,  There's also a CA  certified identity .  should be a personal certificate in general, other people can't emulate , All this can be a deeper confirmation of your identity

b) currently a small number of personal banking Professional Edition is this practice , The specific certificate may be to take the U disk as a backup carrier .

HTTPS must be cumbersome .

A)   http protocol a get a RESPONSE.  because HTTPS  need to also key and confirm the encryption algorithm required One handshake is required 6/7  round trip

I. in any application , excessive round trip will definitely affect performance .

b) next is the specific http protocol , each response or request requires the client and server to encrypt the contents of the session / decryption .

I.  Although symmetric encryption / decryption efficiency is relatively high but still consumes too much cpu, SSL  chip .  if CPU  letter can be relatively low words will certainly degrade performance SERVE  more requests

II. the impact of the amount of data after encryption . So, there are so many security certification tips

What impact does HTTPS website have on Baidu and Google SEO ?

From the "site" We can see Baidu only included http, despite the 301 Jump, Google has included 2 A different version of the page, which clearly indicates which version of my primary domain is. Also included in the situation is greatly unused. And look at what they're doing in the search results.

Google SERP 28

Baidu SERP ...

  Now it's clear to know: https google baidu It obviously won't work, not included at all https sites, not to mention rankings. If baidu did not find your http and that is: Sorry, not found with " xx " related pages, even if you did 301 But one did What do you do with the optimized rival website?

Sometimes a website has to use the encryption protocol because of the business requirements and other innate conditions .

The SE in your main market does not support HTTPS that's all in vain. So it's best to know what the target SE is, like Google so you can ignore it.

But what about Baidu?

How to deal with or avoid this situation to ignore.

One, directly copy an http version,https home 301 to http

such as some special website, after landing display encrypted content if referring to the first page, you can copy a home page in the directory, all call this directory, there is a need to be able to screen out the robots file.

Second, the site inside and outside the link consistent use of http, there is a need to be able to modify the previous link.

Third, theSE re-identify HTTPS website on Baidu and Google SEO what impact?

From the "site" we can see Baidu only included http, despite the 301 Jump, Google has included 2 A different version of the page, which clearly indicates which version of my primary domain is. Also included in the situation is greatly unused. And look at what they're doing in the search results.

Google SERP 28

Baidu SERP 500 ...

  now   can be clearly known: https pair google baidu It obviously won't work, not included at all https site,  not to mention rankings. If baidu did not find your http and that is: Sorry, not found with " XX " related pages, even if you did 301 But one did What do you   do with an optimized rival website?

Sometimes a website has to use the encryption protocol because of the business requirements and other innate conditions .

The SE in your main market does not support HTTPS that's all in vain. So it's best to know what the target SE is, like Google so you can ignore it.

But what about Baidu?

How to deal with or avoid this situation to ignore.

One, directly copy an http version,https home 301 to http

such as some special website, after landing display encrypted content if referring to the first page, you can copy a home page in the directory, all call this directory, there is a need to be able to screen out the robots file.

Second, the site inside and outside the link consistent use of http, there is a need to be able to modify the previous link.

Third,SE re-recognition

The difference between HTTP and HTTPS

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.