Hypertext Transfer Protocol The HTTP protocol is used to transfer information between a web browser and a web server. The HTTP protocol sends content in clear text, without providing any way of data encryption, if an attacker intercepts between a web browser and a web server. The transmission message can directly read the information therein. Therefore, the HTTP protocol is not suitable for transmitting some sensitive information, such as credit card number, password andother payment information.
In order to solve this defect of the HTTP protocol, another protocol is needed: Secure Sockets Layer Hypertext Transfer Protocol HTTPS . For the security of data transmission, HTTPS adds SSL protocol based on HTTP, and SSL relies on certificates to authenticate the server. Identity and encryption for communication between the browser and the server.
First, the basic concepts of HTTP and HTTPS
HTTP: is the most widely used network protocol on the Internet. It is a client-side and server-side request and response standard (TCP). It is used to transfer hypertext from a WWW server to a local browser. It can be browsed. The device is more efficient and reduces network transmission.
HTTPS: HTTP channel for security purposes. It is simply a secure version of HTTP. That is, HTTP is added to the SSL layer. The security foundation of HTTPS is SSL. Therefore, the details of encryption require SSL.
The main functions of the HTTPS protocol can be divided into two types: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.
Second, what is the difference between HTTP and HTTPS?
The data transmitted by the HTTP protocol is unencrypted, that is, plaintext. Therefore, it is very insecure to use the HTTP protocol to transmit private information. In order to ensure that these private data can be encrypted and transmitted, Netscape has designed the SSL (Secure Sockets Layer) protocol. The HTTPS was born by encrypting the data transmitted by the HTTP protocol. To put it simply, the HTTPS protocol is a network protocol built by the SSL+HTTP protocol for encrypted transmission and identity authentication, which is more secure than the http protocol.
The differences between HTTPS and HTTP are as follows:
1. The https protocol needs to apply for a certificate at ca. Generally, there are fewer free certificates, so a certain fee is required.
2. http is a hypertext transfer protocol, the information is transmitted in plaintext, and https is a secure ssl encrypted transport protocol.
3, http and https use a completely different connection method, the port used is not the same, the former is 80, the latter is 443.
4, http connection is very simple, is stateless; HTTPS protocol is a network protocol built by SSL+HTTP protocol for encrypted transmission and identity authentication, which is more secure than http protocol.