Tuesday, 8 January 2019

What’s difference between http and https

In the beginning, IT experts had to figure out how to share the information on the Internet.

They agreed on a procedure for exchanging info and called it HyperText Transfer Protocol (HTTP).

Once everyone knew how to exchange information, intercepting it on the Internet was not difficult. So experts agreed upon a procedure to protect the information they exchanged. 

The protection relies on SSL Certificate to encrypt the online data. Encryption means that the sender and recipient agree upon a cipher"code" and encode their info into random strings using that cipher.

The procedure for encrypting information and then exchanging it is called HyperText Transfer Protocol Secure (HTTPS).

With HTTPS if anyone in between the sender and the recipient could open the message, they still could not understand it. Only the sender and the recipient, who know the "code," can decode the message.

To do this, the system at each end uses a document called an "SSL Certificate" containing character strings that are the keys to their secret "codes."

SSL certificates contain the System owner's "public key."

The owner shares the public key with anyone who needs it. Other users need the public key to encrypt messages to the owner. The owner sends those users the SSL certificate, which contains the public key. The owner does not share the private key with anyone.

The security during the transfer is called the Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

The procedure for exchanging public keys using SSL Certificate to enable HTTPS, SSL and TLS is called Public Key Infrastructure (PKI).

Without HTTPS, any data you enter into the site (such as your username/password, credit card or bank details, any other form submission data, etc.) will be sent plaintext and therefore susceptible to interception or eavesdropping. For this reason, you should always check that a site is using HTTPS before you enter any information.

In addition to encrypting the data transmitted between the server and your browser, TLS also authenticates the server you are connecting to and protects that transmitted data from tampering.

In short following are the differences:

  • In HTTP, URL begins with “http://” whereas URL starts with “https://”
  • HTTP uses port number 80 for communication and HTTPS uses 443
  • HTTP is considered to be unsecure and HTTPS is secure
  • Encryption is absent in HTTP and is present in HTTPS
  • HTTP does not require any certificates and HTTPS needs SSL Certificates
  • HTTP Works at Application Layer and HTTPS works at Transport Layer

No comments:

Post a Comment