The difference between HTTPS and HTTP

HTTP hypertext protocol, HTTP is used to transmit information between WEB browsers and WEB servers. HTTP sends content in plaintext and does not provide any form of data encryption. If an attacker intercepts a packet transmitted between WEB browsers and WEB servers, the message can be read. Therefore HTTP protocol is not suitable for transmitting some sensitive information, in short: information card number, password payment and so on

To address this HTTP protocol flaw, a new protocol needs to be used:Secure Socket layerHypertext transfer protocol HTTPS, in order to secure data transmission, HTTPS adds SSL protocol on the basis of HTTP, SSL relies on certificates to verify the identity of the server, and encrypts the communication between the browser and the server.

SSL(Secure Sockets Layer) and its successors Transport layer security is a security protocol that provides security and data integrity for network communications

Basic concepts of HTTP and HTTPS

HHTP: is the most widely used network protocol on the Internet, is a client and server request and response standard (TCP), used in WWW(three W) server to transmit hypertext to the local browser transmission protocol, it can make the browser faster, reduce network transmission.

HTTPS: HTTP security management, that is,HTTP is added to SSL layer,HTTPS security is based on SSL.

The HTTPS protocol has two main functions.

  • One is to establish a kind of information security channel to stabilize information security.
  • Another is to determine the authenticity of the site.

The SSL protocol is inserted between TCP(transport layer) and HTTP (application layer)

There’s been a lot of discussion about the three-way handshake and HTTP

HTTP is an application layer protocol, and its main task is to exchange information with the server. As for how to contact him, in fact it always assumes the correct transport protocol. The task of TCP is to ensure the reliability of the connection, and the three-way handshake is required at the first connection. In some cases HTTP does not need to be connected through TCP, so there is no three-way handshake required.