Home > Article > Backend Development > Detailed explanation of the difference between HTTP and HTTPS
Hypertext Transfer Protocol HTTP protocol is used to transfer information between web browsers and website servers. The HTTP protocol sends content in clear text and does not provide any If an attacker intercepts the transmission message between the web browser and the website server, he can directly read the information. Therefore, the HTTP protocol is not suitable for transmitting some sensitive information, such as credit card numbers, passwords, etc. Payment Information.
The data transmitted by the HTTP protocol is unencrypted, that is, in plain text. Therefore, it is very unsafe to use the HTTP protocol to transmit private information. In order to ensure that these private data can be encrypted and transmitted, the Internet Jing Company designed the SSL (Secure Sockets Layer) protocol to encrypt data transmitted by the HTTP protocol, thus giving birth to HTTPS.
In order to solve this defect of the HTTP protocol, another protocol needs to be used: Secure Sockets Layer Hypertext Transfer Protocol HTTPS. For the security of data transmission, HTTPS is based on HTTP The SSL protocol is added to the browser. SSL relies on certificates to verify the identity of the server and encrypt the communication between the browser and the server.
HTTP: It is the most widely used network protocol on the Internet. It is a client-side and server-side request and The response standard (TCP) is a transmission protocol used to transmit hypertext from the WWW server to the local browser. It can make the browser more efficient and reduce network transmission.
HTTPS: It is an HTTP channel aimed at security. Simply put, it is a secure version of HTTP, that is, an SSL layer is added to HTTP. The security foundation of HTTPS is SSL, so the details of encryption require SSL.
Encrypted transmission;
Authentication.
1. The https protocol requires applying for a certificate from ca. Generally, there are fewer free certificates, so a certain fee is required.
2. http is a hypertext transfer protocol, and information is transmitted in plain text, while https is a secure SSL encrypted transmission protocol.
3. http and https use completely different connection methods and use different ports. The former is 80 and the latter is 443.
4. The http connection is very simple and stateless; the HTTPS protocol is a secure channel built by the SSL+HTTP protocol that can perform encrypted transmission and identity authentication, and is safer than the http protocol.
Customers use https URLs to access the web server and require an SSL connection to be established with the web server.
After the Web server receives the client's request, it will send a copy of the website's certificate information (the certificate contains the public key) to the client.
The client randomly creates a session key, then uses the website’s public key to encrypt the session key and transmits it to the website.
The Web server uses public key decryption to obtain the session key.
The web server and browser communicate through encryption and decryption of session key data
As shown in the figure:
Using the HTTPS protocol can authenticate users and servers, ensuring that data is sent to the correct client and server;
HTTPS protocol is a network protocol built by SSL+HTTP protocol that can perform encrypted transmission and identity authentication. It is more secure than http protocol and can prevent data from being stolen or changed during transmission. Ensure data integrity.
HTTPS is the most secure solution under the current architecture. Although it is not absolutely safe, it greatly increases the cost of man-in-the-middle attacks.
Google adjusted its search engine algorithm in August 2014 and stated that "compared to equivalent HTTP websites, websites using HTTPS encryption will rank higher in search results."
HTTPS protocol handshake phase is more time-consuming, which will extend the page loading time by nearly 50% and increase by 10 % to 20% of power consumption;
HTTPS connection caching is not as efficient as HTTP, which will increase data overhead and power consumption, and even existing security measures will be affected;
SSL certificates cost money. The more powerful the certificate, the higher the cost. Personal websites and small websites generally do not use it if it is not necessary.
SSL certificates usually need to be bound to an IP. Multiple domain names cannot be bound to the same IP. IPv4 resources cannot support this consumption.
Here you need to change all the links in the page, such as js, css, pictures, etc. Changed from http to https.
We can make http and https compatible when switching. The specific implementation method is to remove the http header in the page link, so that the http header and https header can be automatically matched. For example: change http://www.baidu.com to //www.baidu.com. Then when the user enters the access page from the http entrance, the page is http. If the user enters the access page from the https entrance, the page is https
Related recommendations:
PHP Http request http 500 The difference between http and https http 192.168.1.1
HTTP and HTTPS cross-domain sharing session solution
PHP simply implements HTTP and HTTPS cross-domain sharing session solutions
The above is the detailed content of Detailed explanation of the difference between HTTP and HTTPS. For more information, please follow other related articles on the PHP Chinese website!