What is HTTPS?
HTTPS ( HTTP over SSL, which represents a hypertext Transfer protocol based on Secure Sockets Layer ) is a Netscape developed by Web encrypt the transport protocol.
You can also say: HTTPS = HTTP + SSL
HTTPS in the HTTP the application layer is based on the use of a Secure Sockets layer as a child layer.
Why do I need HTTPS:
Hypertext Transfer Protocol(HTTP)is a protocol used to transmit and receive information over the Internet. HTTPUse Request/response, so information can be transmitted quickly, easily, and precisely across the server. When you visitWebpage when you are usingHTTPagreement, butHTTPis unsafe, because it uses plaintext transmission, hackers can easily eavesdrop on you andWebdata transfer between servers. In many cases, sensitive information is transmitted between the customer and the server and needs to be protected from unauthorized access. In order to meet this requirement, Netscape Inc. (Netscape) launched aHTTPSagreement.
http and HTTPS :
In most cases, HTTP and HTTPS HTTP or HTTPS client-browser, Set up a port that is connected to Web server specified. When the server receives the request, it returns a status code along with the message, which may be a request for information, or an error message that indicates an error was sent. The system uses the Uniform Resource Locator URI
and HTTPS and the HTTP The only difference is just a protocol header (HTTPS) description, the others are the same.
HTTP and HTTPS The difference between :
1. the URL for HTTP starts with /http , and the HTTPS URL begins with https://
2. HTTP is not secure, and HTTPS is secure
3. The HTTP standard port is 443 , while the standard port for HTTPS is
4. in the OSI network model,HTTP works on the application layer, while the HTTPS Working in the Transport Layer
5. HTTP cannot be encrypted, while HTTPS encrypts transmitted data
6. HTTP does not require a certificate, and HTTPS requires a certificate of authentication (SSL certificate)
HTTPS How does it work ?
If you want to use connection, the server must have a public key and signed certificate ( ssl certificate).
when using HTTPS connection, the server responds to the initial connection, and provides the encryption methods it supports. In response, the client chooses a connection method, and the client and server-side Exchange certificates authenticate each other. When you are done, transfer the encrypted information and then close the connection, making sure that the same key is used. To provide HTTPS connection support, the server must have an SSL certificate that contains a third-party authoritative CA certification of the key information, through CA Authentication to ensure that the certificate is safe.
HTTP The following actions are included:
1. Browser opens a TCP Connection
2. the browser sends an HTTP request to the server side
3. the server sends HTTP response information to the browser
4. TCP connection shutdown
SSL The following actions are included:
1. Verify server-side
2. allow client and server to select encryption algorithms and passwords to ensure both sides support
3. Verify the client (optional)
4. Use public key cryptography to generate shared encrypted data
5. Create an encrypted SSL Connection
6. passing HTTP requests based on this SSL Connection
when should I use HTTPS?
Bank websites, payment gateways, shopping sites, landing pages, e-mails, and some corporate websites should use HTTPS , such as:
Dangdang : https://login.dangdang.com
China Peace : https://www.pingan.com.hk/
If a website asks you to fill out credit card information, first you need to check if the page is using HTTPS encrypted connection, if not, then please do not enter any sensitive information, such as credit card numbers, accounts, passwords.
Browser warning
mainstream browsers have a trusted root certification authority, such as IE Browser, the public key of the trusted certification authority has been built-in, by IE in the browser's menu, click "Tools /internet option--Content--Certificate button to see IE The browser has trusted Intermediate certification authorities and Trusted Root Certification authorities ". Only through Webtrust International certification, in line with the international standards of the Authority, can be built into the browser, the default is trusted.
when we were deployed on the access SSL certificate Web site, the browser will automatically download the SSL certificate, and check the security of the certificate. If the certificate is not trusted or has expired, the browser displays a warning message. Some old browsers will pop up a dialog box to let the user choose whether or not to continue browsing, the new version of the browser generally displays the banner warning message throughout the window, while displaying the site's security information on the address bar. If your site contains encrypted and non-encrypted mixed content, most browsers will prompt for warning messages.
What is the difference between HTTP and HTTPS?