HTTP is the Hypertext Transfer Protocol; it transmits information in clear text. HTTPS is a secure transport protocol that uses SSL encryption. HTTP and HTTPS use completely different connection modes and different ports: the former uses 80, the latter 443.
An HTTP connection is very simple and stateless. The HTTPS protocol is built from SSL + HTTP; it is a network protocol that supports encrypted transmission and identity authentication, and it is more secure than HTTP. HTTPS addresses the following problems:
1. The problem of trusting the host. A server that uses HTTPS must request a certificate from a CA; the certificate certifies the server's purpose type. The client trusts the host only when the certificate is used for the corresponding server. This is why, at present, all banking system websites use HTTPS for the key parts of the application. The client trusts the host by trusting the certificate. In fact, this is inefficient, but banks are more focused on security. This point matters little for us: whether our server's certificate is self-issued or issued by a public CA, the client is also our own, so it will certainly trust the server.
2. Disclosure of and tampering with data during communication:
(1) In general, HTTPS means that the server has a certificate.
a) Its main purpose is to ensure that the server is the server it claims to be. This is the same as point 1.
b) All communication between the server and the client is encrypted.
(i. Specifically, the client generates a symmetric key, which is exchanged using the server's certificate; this is the general handshake process. ii. All information exchanged is encrypted. Even if a third party intercepts it, the data is meaningless to them because they do not have the key. Tampering is therefore pointless as well.)
(2) Where there are requirements on the client, the client is also required to have a certificate.
a) The client certificate here is similar to personal information: in addition to the user name/password, there is a CA-authenticated identity. It is generally a personal certificate that others cannot imitate, so it can further confirm the user's identity.
b) Currently a small number of personal-banking professional editions do this; the certificate may be carried on a USB flash drive as a backup carrier.
(3) HTTPS is necessarily more cumbersome.
a) Plain HTTP is simple: one GET, one response. With HTTPS, the key must also be negotiated and the encryption algorithm confirmed. A single handshake requires 6/7 round trips. In any application, excessive round trips certainly affect performance.
b) Then, in the HTTP exchange itself, every request and response requires the client and the server to encrypt/decrypt the session content. Although symmetric encryption/decryption is efficient, it still consumes a lot of CPU, which is why dedicated SSL chips exist. If the CPU is weak, performance will certainly degrade and fewer requests can be served. ii. The effect on the amount of data after encryption. That is why there are so many security certification prompts.
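The trust decisions in point 1 (public CA versus self-issued certificate) and in (2) (client certificates) map onto TLS context settings. The following Python sketch is an added example, not code from the original page; the function names and the file-path parameters are hypothetical, and the unverified context is included only to show the weak setting that the audit function flags.

```python
import ssl

def client_context(private_ca_file=None):
    """Client context that authenticates the server before any data is sent."""
    if private_ca_file is None:
        # Certificate issued by a public CA: use the system trust store.
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    else:
        # Self-issued certificate: start from an empty trust store and trust
        # only our own CA file (hypothetical path supplied by the caller).
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=private_ca_file)
    return ctx

def unverified_client_context():
    """Weak setting for comparison: traffic is encrypted, the peer is unchecked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def server_context(cert_file=None, key_file=None, client_ca_file=None,
                   require_client_cert=False):
    """Server context; optionally demands a client certificate, as in (2)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def audit_client(ctx):
    """Return the reasons a client context fails to authenticate the host."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings

if __name__ == "__main__":
    for name, ctx in [("verified", client_context()),
                      ("unverified", unverified_client_context())]:
        print(name, audit_client(ctx) or "ok")
```

Even when both ends are our own and the certificate is self-issued, loading our CA file into the client keeps the host authenticated; disabling verification keeps only the encryption.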
HTTP, the Hypertext Transfer Protocol, is the most widely used network protocol. All WWW files must adhere to this standard. It passes data (HTML files, image files, query results, etc.) over TCP/IP.
HTTPS is the secure version of the Hypertext Transfer Protocol, a secure network transport protocol. Data sent over HTTP is not encrypted, so private information is not secure. HTTPS communicates via the Hypertext Transfer Protocol (HTTP) but uses SSL/TLS to encrypt the packets. The main purpose of developing HTTPS is to protect the security of data in transit.
The differences between HTTPS and HTTP:
1) HTTPS requires applying to a CA for a certificate, which has a certain economic cost;
2) HTTP is clear-text transmission; HTTPS is encrypted, secure transmission;
3) The ports are different: HTTP uses 80, HTTPS uses 443;
4) An HTTP connection is simple and stateless; HTTPS is a network protocol with SSL-encrypted transmission and identity authentication, and is more secure than HTTP.
Bottom line: HTTP + encryption + authentication + integrity protection = HTTPS