The difference between HTTP protocol and HTTPS

the difference between HTTP protocol and HTTPS in the original permike

HTTP protocol
The main application of the HTTP protocol is between the server and the client, and the client accepts Hypertext.

HTTP is the protocol for the application layer in the Seven-tier network model, which consists of sending requests and accepting responses, and is a standard client server model. At the same time, http is a stateless Protocol. In other words, the state of the connection cannot be judged by a state, so sometimes communication between computers needs to work together through other protocols to provide Support.

(1) based on b/s mode, i.e. Client/server mode. At the same time can provide login authentication and inter-network security transfer, such as HTTP under the SSL layer, can provide a secure HTTPS service.

Each request method has its own scope of application, in the request message inside, through some rules, explain the user and the Web server type of Communication. At the same time, HTTP protocol rules are relatively simple, so the system using HTTP server, code and program size is relatively lightweight, but the speed of communication is more Efficient.

Data object for the Structure. also, a simple header message, such as marking the type being transmitted by content-type, can be separated.

At the same time, the high-version HTTP protocol, HTTP1.1 supports persistent connections: multiple objects can be routed through a single connection, without the need to transfer one Web object at a time to create a new Connection.

Architecture (hae) ".

Message format for HTTP protocol
Request message for HTTP protocol
When the browser sends a request to the server to the Web server, it sends a block of data, or requests information,

Request Method URI protocol/version;

Request body;

get/test.jsp http/1.1
accept:image/test.image/jpeg,*/*
Accept-language:zh-cn
Connection:keep-alive
host:222.35.232.103
user-agent:mozila/5.0 (compatible; MSIE5.01; Window NT5.0)
Accept-encoding:gzip,deflate
Username=idc&password=linuxidc
(1) Request Method Uri Protocol/version

get/test.jsp http/1.1

HTTP requests can use a number of different request methods, depending on the HTTP Standard. For Example: HTTP1.1 allows seven request methods (also called "actions") to be supported: GET, POST, HEAD, OPTIONS, PUT, delete, and Tarce. In the daily development, get and post are the most common methods, mainly in the related web Development.

It is important to note that the method name is strictly Case-sensitive. sometimes, the resource that a request is targeted for may not support the corresponding request method, and the response is given by a different status Code. For example, the server will return a status code of 405 (method not allowed), and when the requesting server or method does not understand that the corresponding time is not supported, return a status code of 501 (not implemented).

The request header contains some customer environments and requested content Information. For example, the request header can declare the browser kernel and language usage, the requested length, and so On.

windows

The request body and the request header should have a blank line. This empty line must be present, stating the end of the request header transfer and beginning the transfer of the body Request. The request body generally contains a lot of information, such as user-submitted user name and password such as login information: USERLOGIN=LINUXIDC&CURRENTPWD=LINUXIDC

, the request body has only a simple row of Data.

(1) Protocol Status Version Code description

(3) Response Body

http/1.1 OK
Server:apache tomcat/7.0.1
date:mon,6oct2014 13:23:42 GMT
content-length:102
<title>http Response File <title>
<body>
This is the HTTP response file!
</body>
The client sends a request to the server, similar to a request message, and the server responds with a status Line.

HTTP response messages begin with the status line, which can refer to the code of the Example.

Differences from the HTTPS protocol
HTTPS is an ssl/tls-based http protocol, and all HTTP data is transmitted over the SSL/TLS protocol Package.

The-->http protocol runs on top of tcp, and all transmitted content is plaintext, and neither the client nor the server can verify the identity of the Other.

-->https is an HTTP protocol that runs on ssl/tls, and Ssl/tls runs above TCP. All transmitted content is encrypted and encrypted with symmetric encryption, but the symmetric encryption key is asymmetric encrypted with the Server-side Certificate.

Algorithm.

1. The browser sends a set of encryption rules that it supports to the web Site.

3. After obtaining the website certificate, the browser will do the following tasks:

B) If the certificate is trusted, or if the user accepts an untrusted certificate, the browser generates a random number of passwords and encrypts them with the public key provided in the Certificate.

4. After the Web site receives the data from the browser, do the following:

B) encrypt a handshake message with a password and send it to the Browser.

At this point the handshake process ends, and all communication data is then encrypted by the random password generated by the previous browser and by the symmetric encryption Algorithm.

Test.

Asymmetric Encryption Algorithm: RSA,DSA/DSS

Hash algorithm: md5,sha1,sha256

Because the password generated by the browser is the key to the entire data encryption, the asymmetric encryption algorithm is used to encrypt it at the time of Transmission.

If there are any errors during the TLS handshake, the encrypted connection will be disconnected, thereby preventing the transfer of private Information.

The difference between HTTP protocol and HTTPS