The difference between HTTPS and http:
The HTTPS protocol requires a certificate to be applied to the CA, and the general free certificate is very small and requires a fee.
HTTP is a Hypertext Transfer Protocol, the information is plaintext transmission, HTTPS is a secure SSL encryption transport protocol
HTTP and HTTPS use a completely different connection method with the same port, the former is 80, the latter is 443.
The HTTP connection is simple and stateless.
HTTPS protocol is a network protocol built by Ssl+http protocol which can encrypt transmission and authentication, which is more secure than HTTP protocol.
HTTPS (Secure hypertext Transfer Protocol) Secure Hypertext Transfer Protocol
It is a secure communication channel that is based on HTTP development and is used to exchange information between client computers and servers. It uses Secure Sockets Layer (SSL) for information exchange, which simply means that it is a secure version of HTTP.
It is developed by Netscape and built into its browser to compress and decompress data and return the results that are sent back on the network. HTTPS actually applies the Netscape secure full Socket Layer (SSL) as a sub-layer of the HTTP application layer. (HTTPS uses port 443 instead of using port 80来 and TCP/IP to communicate like HTTP.) SSL uses 40-bit keywords as the RC4 stream encryption algorithm, which is appropriate for the encryption of business information. HTTPS and SSL support use of the digital authentication of the number, and if necessary, the user can confirm who the sender is.
HTTPS resolves the issue:
1. The problem of trusting the host. Server with HTTPS must request a certificate from the CA that is used to certify the server's purpose type. The client trusts the secondary host only when the certificate is used for the corresponding server. So at present, all the banking system website, the key part of the application is HTTPS. The client trusts the host by trusting the certificate. In fact, this is inefficient, but banks are more focused on security. This does not make any sense to us, our server, the use of certificates regardless of their own issue or from the public place issue, the client is one of our own, so we will certainly trust the server.
2. Disclosure and tampering of data in the course of communication
1. In general, HTTPS means that the server has a certificate.
A) The main purpose is to ensure that server is the server he claims to be. This is the same as the 1th.
b) All communication between the server and the client is encrypted.
I. Specifically, the client generates a symmetric key that is exchanged through the server's certificate. The handshake process in the general sense.
II. All information exchanged is encrypted. A third party, even if intercepted, does not make any sense. Because he doesn't have a key. Of course, there's no point in tampering.
2. A small amount of client-side requirements, the client will also be required to have a certificate.
A) Here the client certificate, in fact, similar to the personal information, in addition to the user name/password, there is a CA authenticated identity. Should be a personal certificate in general, others cannot emulate, all of which can further confirm their identity.
b) Currently a small number of personal banking Professional Edition is this practice, the specific certificate may be to take a USB flash drive as a backup carrier.
HTTPS must be cumbersome.
The difference between HTTPS and HTTP