Sunday, 22 April 2012

HTTP vs HTTPS: Similarities and Differences

What is HTTPS?

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol developed by Netscape.

One can say: HTTPS = HTTP + SSL

HTTPS uses Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering.

Need of HTTPS:

Hypertext Transfer Protocol (HTTP) is a protocol for transmitting and receiving information across the Internet. HTTP serves as a request and response procedure that all agents on the Internet follow so that information can be rapidly, easily, and accurately disseminated between servers, which hold information, and clients, who are trying to access it. You normally use HTTP when you are browsing the web, its not secure, so someone can eavesdrop on the conversation between your computer and the web server. In many cases, clients may be exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. For this reason, https, or secure http, was developed by Netscape corporation to allow authorization and secured transactions.

Similarity between HTTP and HTTPS:

In many ways, https is identical to http, because it follows the same basic protocols. The http or https client, such as a Web browser, establishes a connection to a server on a standard port. When a server receives a request, it returns a status and a message, which may contain the requested information or indicate an error if part of the process malfunctioned. Both systems use the same Uniform Resource Identifier (URI) scheme, so that resources can be universally identified. Use of https in a URI scheme rather than http indicates that an encrypted connection is desired.

Difference between HTTP and HTTPS:

1. URL begins with “http://" in case of HTTP while the URL begins with “https://” in case of HTTPS.
2. HTTP is unsecured while HTTPS is secured.
3. HTTP uses port 80 for communication while HTTPS uses port 443 for communication.
4. HTTP operates at Application Layer while HTTPS operates at Transport Layer.
5. No encryption is there in HTTP while HTTPS uses encryption.
6. No certificates required in HTTP while certificates required in HTTPS.

How HTTPS works?

For HTTPS connection, public key and signed certificates are required for the server.
When using an https connection, the server responds to the initial connection by offering a list of encryption methods it supports. In response, the client selects a connection method, and the client and server exchange certificates to authenticate their identities. After this is done, both parties exchange the encrypted information after ensuring that both are using the same key, and the connection is closed. In order to host https connections, a server must have a public key certificate, which embeds key information with a verification of the key owner's identity. Most certificates are verified by a third party so that clients are assured that the key is secure.
In other words, we can say, HTTPS works similar to HTTP but SSL adds some spice in it.

HTTP includes the following actions:

1. The browser opens a TCP connection.
2. The browser sends a HTTP request to the server
3. The server sends a HTTP response to the browser.
4. The TCP connection is closed.

SSL will include the following actions:

1. Authenticate the server to the client.
2. Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
3. Optionally authenticate the client to the server.
4. Use public-key encryption techniques to generate shared secrets.
5. Establish an encrypted SSL connection.
6. Once the SSL connection is established the usual transfer of HTTP requests will continue.

Where should https be used?

HTTPS should be used in Banking Websites, Payment Gateway, Shopping Websites, Login Pages, Emails (Gmail offers HTTPS by default in Chrome browser) and Corporate Sector Websites. For example:


Beware of using Credit Card Numbers on Internet:  If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn't, there's no way you're going to enter sensitive information like a credit card number!

Browser integration

Most browsers display a warning if they receive an invalid certificate. Older browsers, when connecting to a site with an invalid certificate, would present the user with a dialog box asking if they wanted to continue. Newer browsers display a warning across the entire window. Newer browsers also prominently display the site's security information in the address bar. Extended validation certificates turn the address bar green in newer browsers. Most browsers also display a warning to the user when visiting a site that contains a mixture of encrypted and unencrypted content.

58 comments:

  1. Thanks mate!

    ReplyDelete
  2. Which methons do you personally choose to browse for information for your new entries and which particular search algorithms or techniques do you regularly utilize?

    ReplyDelete
  3. Thanks for giving valued information in simple words

    ReplyDelete
  4. valuable info

    ReplyDelete
  5. Its very valuable information .. Thanks mate..

    ReplyDelete
  6. This comment has been removed by the author.

    ReplyDelete
  7. Good stuff, somewhat complex material expressed simply.

    ReplyDelete
  8. Thanks a Lot for the information.I am having a doubt.
    I want to know whether SHTTP and HTTPS the same?Pls let me know.

    ReplyDelete
  9. SHTTP is Secure Hypertext Transfer Protocol. It is not used very much. For more information see: http://en.wikipedia.org/wiki/Secure_Hypertext_Transfer_Protocol

    ReplyDelete
  10. Thanks a lot for getting me know the difference between shttp and https.

    ReplyDelete
  11. Very Useful.. Thank you :)

    ReplyDelete
  12. really very useful info..

    ReplyDelete
  13. Nice article. I think this might be helpful to you all. I have found a quality article http://freefeast.info/general-it-articles/difference-between-http-and-https-http-vs-https/.
    Hope this is of use to you.
    Keep commenting every author needs motivation.

    ReplyDelete
  14. Thanks for great information.


    https://www.rsbl.co.in

    ReplyDelete
  15. Good information..!!

    ReplyDelete
  16. sagar sejawar16 July 2013 03:28

    thanxx a lot 4 giving me the basic difference between http & https ....
    ...it's very useful 4 me and matters..!!
    Thank You Very Much

    ReplyDelete
  17. very nicely explained...

    ReplyDelete
  18. Nice article. I was thinking of using HTTPS in my own website http://www.graburapps.com

    ReplyDelete
  19. Very Helpful Info..... :)

    ReplyDelete
  20. Really helpful information.

    Thanks.

    ReplyDelete
  21. Thanks Buddy!!!

    ReplyDelete
  22. Cool article

    ReplyDelete
  23. Very helpful information

    ReplyDelete
  24. Great knowledge

    ReplyDelete
  25. Valuable information...thanks ton.

    ReplyDelete
  26. Nice Post
    Actually HTTPs is not really a separate protocol,it is just an extension of HTTP with security layer of SSL.

    http://geekfellows.blogspot.com/2013/08/what-is-difference-between-http-and.html

    ReplyDelete
  27. gud.. Easily explained complicated information

    ReplyDelete
  28. thnks........................

    ReplyDelete
  29. Excellent!!!!

    ReplyDelete
  30. It is very useful. I got a lot of information from this. thanks alot...!!!

    ReplyDelete
  31. Really good article

    ReplyDelete
  32. Awesome way to differentiate. Thanks a lot.

    ReplyDelete
  33. useful info thanks

    ReplyDelete
  34. good article

    ReplyDelete
  35. Your business or organization will get more accurate quotes if you prepare yourself with all the above tips in advance.
    Social Media Marketing Riyadh

    ReplyDelete
  36. WIPL is a global leader in providing software solutions and it is one among the best web development company in India.

    For more info : Mobile Apps Solutions

    ReplyDelete
  37. This is very useful information shared here. I am really thankful for this. 99th.co.in

    ReplyDelete
  38. This is very useful information shared here. I am really thankful for this. 99th.co.in

    ReplyDelete
  39. thanks ....... really very useful and easily understandable

    ReplyDelete
  40. HTTPS is mostly used for ecommerce based online transaction websites for security.

    Website Design Company Bangalore | Web Development Company Bangalore

    ReplyDelete
  41. Very useful information. Thank you for sharing it. Thanks 99th.in

    ReplyDelete
  42. Very useful information. Thank you for sharing it. Thanks 99th.in

    ReplyDelete