1. Basic concepts
HTTP:
Hypertext Transfer protocol (HYPERtext Transfer Protocol) is the most widely used network protocol on the Internet. It is a client - and server-side request and response standard, used to transfer hypertext from the WWW server to the local browser transport protocol, it can reduce network traffic, make the browser more efficient; It is a request and response based, stateless, application layer protocol, usually based on TCP/IP protocol data transmission;Copy the code
HTTPS:
It is a secure HTTP protocol, simply speaking, the secure version of HTTP, that is, adding SSL layer under HTTP. Its security is based on SSL, which is required for the details of encryption. It is a transport protocol for secure communication over computer networks, through HTTP communication, using SSL/TLS to establish full channel, encryption packets. The primary purpose of HTTPS is to provide identity authentication to web servers and protect the privacy and integrity of the data exchanged.Copy the code
The difference between:
The Https protocol requires a CA certificate, and the cost is high. HTTP is a hypertext transmission protocol, and information is transmitted in plain text. HTTPS is a secure SSL encryption transmission protocol. Generally speaking, the HTTP port is 80 and the HTTPS port is 443. HTTP connections are simple and stateless; HTTPS is a network protocol that uses SSL and HTTP to encrypt transmission and authenticate identity. It is more secure than HTTP.Copy the code
2. Working principle of HTTPs protocol:
1. If the customer accesses the server using an HTTPS URL, the web server must establish an SSL connection. 2. After receiving the request from the client, the Web server returns or transmits the certificate of the website (including the public key) to the client. 3. The client and web server start to negotiate the SSL connection security level, that is, the encryption level. 4. The client browser establishes a session key based on the security level agreed by both parties, encrypts the session key through the public key of the website, and sends the session key to the website. 5. The Web server decrypts the session key using its own private key. 6. The Web server encrypts the communication with the client using the session key.Copy the code
3. Advantages of HTTPs:
1. Use HTTPS to identify users and servers and ensure that data is sent to correct clients and servers. 2. HTTPS is an encrypted transmission protocol consisting of HTTP and SSL. It supports encrypted transmission and identity authentication and has high security, preventing data from being stolen or changed during transmission and ensuring data integrity. 3. HTTPS is the most secure solution under the current architecture. Although it cannot guarantee absolute security, it greatly increases the cost of man-in-the-middle attacks. 4. Google also recommends HTTPS, indicating that websites encrypted with HTTPS will rank higher in search results.Copy the code
4. Disadvantages of HTTPs:
1. HTTPS handshake takes a long time, lengthening the page loading time by 50% and increasing power consumption by 10%-20%. 2. HTTPS cache is not as efficient as HTTP, which increases data overhead. 3. SSL certificates require money. The higher the level, the higher the cost. 4. An SSL certificate must be bound to an IP address. Multiple domain names cannot be bound to the same IP address, because ipv4 resources cannot support such consumption.Copy the code