HTTP VS HTTPS: What Is The Difference

Azura Liu

Basic concepts of HTTP and HTTPS

HTTP: It is the most widely used network protocol on the Internet. It is a standard for requests and responses between client and server, carried over TCP. It is the transfer protocol used to deliver hypertext from a WWW server to the local browser. It can make the browser more efficient and reduce network transmission.

HTTPS: It is an HTTP channel whose goal is security. In simple terms, it is the secure version of HTTP: an SSL layer is added under HTTP. The security foundation of HTTPS is SSL, so the details of encryption are handled by SSL.

The HTTPS protocol has two main functions: one is to establish a secure tunnel that protects data in transit; the other is to confirm the authenticity of the website.

What's the difference between HTTP and HTTPS?

Data transmitted over the HTTP protocol is unencrypted, that is, plain text. Therefore, it is very unsafe to transmit private information using the HTTP protocol. To ensure that such private data can be encrypted in transit, Netscape designed the SSL (Secure Sockets Layer) protocol to encrypt the data transmitted by the HTTP protocol, and thus HTTPS was born. In simple terms, the HTTPS protocol is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, which makes it more secure than the HTTP protocol.
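The contrast above, seen from a passive observer's position on the network, as an added example that is not part of the original article: this Python sketch classifies the first bytes of a TCP payload as cleartext HTTP or a TLS record and lists what is readable in each. Both sample payloads, the host `shop.example` and the credentials are constructed for illustration.

```python
import base64
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def _inspect_http(data: bytes) -> dict:
    """Everything in a cleartext HTTP request is readable: list the sensitive parts."""
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    exposed = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "authorization" and value.lower().startswith("basic "):
            try:  # Basic auth is only base64-encoded, not encrypted
                value = base64.b64decode(value[6:], validate=True).decode("utf-8", "replace")
            except ValueError:
                pass  # malformed base64: report the raw header value
            exposed.append(("basic-credentials", value))
        elif name in SENSITIVE_HEADERS:
            exposed.append((name, value))
    if body:
        exposed.append(("body", body.decode("iso-8859-1")))
    return {"protocol": "http", "request_line": lines[0], "exposed": exposed}

def classify_payload(data: bytes) -> dict:
    """Classify a TCP payload as cleartext HTTP, a TLS record, or unknown."""
    if data.startswith(HTTP_METHODS):
        return _inspect_http(data)
    if len(data) >= 5:
        # TLS record header: content type (1), version (2), length (2)
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
            # Only the 5-byte header is readable; the record body is opaque.
            return {"protocol": "tls", "record_type": TLS_TYPES[ctype],
                    "record_length": length, "exposed": []}
    return {"protocol": "unknown", "exposed": []}

# Constructed sample: a login request as it would appear on port 80.
HTTP_SAMPLE = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
               b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") +
               b"\r\nCookie: session=abc123\r\n\r\nuser=alice&pin=1234")
# Constructed sample: a record header as seen on port 443, with filler
# bytes standing in for the ciphertext.
TLS_SAMPLE = bytes.fromhex("1703030020") + bytes(range(32))

if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, TLS_SAMPLE):
        print(classify_payload(sample))
```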

The main differences between HTTPS and HTTP are as follows:

(1) The HTTPS protocol requires applying for a certificate from a CA. Free certificates are generally scarce, so a certain fee is required.

(2) HTTP is a hypertext transfer protocol in which information is transmitted in plain text, whereas HTTPS is a secure, SSL-encrypted transmission protocol.

(3) HTTP and HTTPS use totally different connection methods and different ports: the former uses port 80 and the latter port 443.

(4) The HTTP connection is simple and stateless; the HTTPS protocol is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, which makes it more secure than the HTTP protocol.

Advantages of HTTPS

HTTPS is not absolutely secure: organizations with root certificates and organizations with encryption algorithms can still perform man-in-the-middle attacks. However, HTTPS is still the most secure solution under the current architecture. It has the following advantages:

(1) The HTTPS protocol authenticates users and servers, ensuring that data is sent to the correct clients and servers;

(2) The HTTPS protocol is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication. It is more secure than the HTTP protocol and can prevent data from being stolen and changed during transmission, ensuring data integrity.

(3) HTTPS is the most secure solution under the current architecture. Although it is not absolutely secure, it significantly increases the cost of man-in-the-middle attacks.

(4) Google adjusted its search engine algorithm in August 2014, and stated that "compared to the equivalent HTTP website, websites using HTTPS encryption will rank higher in search results".

Disadvantages of HTTPS

Although HTTPS has great advantages, it still has some shortcomings:

(1) The handshake phase of the HTTPS protocol is time-consuming and will increase the page load time by nearly 50%, and increase the power consumption by 10% to 20%;

(2) HTTPS connection caching is not as efficient as with HTTP; it increases data overhead and power consumption, and even existing security measures will be affected;

(3) SSL certificates cost money, and the more powerful the certificate, the higher the cost. Personal websites and small websites generally do not need them and will not use them.

(4) SSL certificates usually need to be bound to an IP, so multiple domain names cannot be bound to the same IP. IPv4 resources cannot support this consumption.

(5) The encryption scope of the HTTPS protocol is also relatively limited, and it has little effect against hacker attacks, denial-of-service attacks, server hijacking, etc. Most importantly, the chain of trust of SSL certificates is not secure: especially when some countries can control CA root certificates, man-in-the-middle attacks are feasible.