SSL encryption for HTTPS is implemented at the transport layer.
Basic concepts of HTTP and HTTPS
HTTP: Hypertext transfer protocol, is the most widely used network protocol on the Internet, is a client and server side request and response standard (TCP), used to transmit hypertext from the WWW server to the local browser transmission protocol, it can make the browser more efficient, so that the network transmission is reduced.
HTTPS: an HTTP channel that aims at security. In short, it is the secure version of HTTP, that is, ADDING SSL layer under HTTP. The SECURITY foundation of HTTPS is SSL, so SSL is required for encrypting details. The HTTPS protocol provides a secure information channel to ensure the transfer of arrays and the authenticity of websites.
Difference between HTTP and HTTPS
Data transmitted through HTTP is unencrypted, that is, plaintext. Netscape uses SSL to encrypt data transmitted through HTTP. To put it simply, HTTPS is a network protocol constructed by HTTP and SSL that can be used for encrypted transmission and identity authentication. This protocol is more secure than HTTP.
The main differences are as follows: Https requires a CA certificate, which costs a lot. HTTP is a hypertext transmission protocol, and information is transmitted in plain text. HTTPS is a secure SSL encryption transmission protocol. Generally speaking, the HTTP port is 80 and the HTTPS port is 443. HTTP connections are simple and stateless.
HTTPS is a network protocol that uses SSL and HTTP to encrypt transmission and identity authentication. It is more secure than HTTP.
How the HTTPS protocol works
The following steps are shown when the client uses HTTPS to communicate with the Web server. If the customer accesses the server using HTTPS urls, the Web server must establish SSL links. Upon receiving the request, the Web server returns or transmits the web site’s certificate (which contains the public key) to the client. The client and web server begin to negotiate the security level, or encryption level, of the SSL link. The client browser establishes a session key based on a mutually agreed security level, then encrypts the session key through the website’s public key and transmits it to the website. The Web server decrypts the session key through its own private key. The Web server encrypts the communication with the client through the session key.
Advantages of THE HTTPS protocol
HTTPS authenticates users and servers to ensure that data is sent to the right clients and servers.
HTTPS is a network protocol that uses SSL and HTTP to encrypt transmission and authenticate identity. It is more secure than HTTP and protects data from theft and alteration during transmission, ensuring data integrity. HTTPS is the most secure solution under the current architecture, and while it is not absolutely secure, it significantly increases the cost of man-in-the-middle attacks. Google tweaked its search engine in August 2014, saying that “HTTPS encrypted sites will rank higher in search results than comparable HTTP sites.”
Disadvantages of the HTTPS protocol
The HTTPS handshake phase is time-consuming, lengthening the page load time by 50% and increasing power consumption by 10% to 20%. HTTPS caching is not as efficient as HTTP and increases data overhead. SSL certificates also cost money, and more powerful certificates cost more. An SSL certificate must be bound to an IP address. Multiple domain names cannot be bound to the same IP address. Ipv4 resources cannot support such consumption.