Hypertext Transfer Protocol The HTTP protocol is used to transfer information between web browsers and website servers. The HTTP protocol sends content in clear text and does not provide any form of data encryption. If an attacker intercepts the transmission message between the web browser and the website server, he can directly read the information in it. Therefore, the HTTP protocol is not suitable for transmitting some sensitive information. information, such as: credit card number, password and other payment information.
In order to solve this defect of the HTTP protocol, another protocol needs to be used: Secure Socket Layer Hypertext Transfer Protocol HTTPS. For the security of data transmission, HTTPS HTTP base
The SSL/TLS protocol is added on the basis. SSL/TLS relies on certificates to verify the identity of the server and encrypt the communication between the browser and the server.
The HTTPS protocol is a network protocol built from the SSL/TLS HTTP protocol that can perform encrypted transmission and identity authentication. It is more secure than the http protocol.
The main role of the HTTPS protocol It can be divided into two types: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.
The main difference between HTTPS and HTTP
The https protocol requires applying for a certificate from the CA. Generally, there are fewer free certificates, so a certain fee is required.
http is a hypertext transfer protocol, and information is transmitted in plain text, while https is a secure SSL/TLS encrypted transmission protocol.
http and https use completely different connection methods and use different ports. The former is 80 and the latter is 443.
http connection is very simple and stateless; HTTPS protocol is a network protocol built from SSL/TLS HTTP protocol that can perform encrypted transmission and identity authentication, and is more secure than http protocol.
Steps for the client to communicate with the Web server using HTTPS
The client uses the https URL to access the Web server and requires an SSL connection to be established with the Web server.
After the Web server receives the client's request, it will transmit a copy of the website's certificate information (the certificate contains the public key) to the client.
The client's browser and the Web server begin to negotiate the security level of the SSL/TLS connection, which is the level of information encryption.
The client's browser establishes a session key based on the security level agreed by both parties, then uses the website's public key to encrypt the session key and transmits it to the website.
The Web server uses its own private key to decrypt the session key.
The web server uses session keys to encrypt communications with clients.
The above is the detailed content of The difference between HTTP and HTTPS. For more information, please follow other related articles on the PHP Chinese website!