HTTPS vs HTTP

Hypertext Transfer Protocol (http) is a system for transmitting and receiving information across the internet. When you type any web address in your web browser, your browser acts as a client, and the computer having the requested information acts as a server.

http allows you quick and easy transmission of information but it is not secure.
For many purpose, such as an article website this lack of security is of no importance. However for a website that needs to collect delicate information such as credit card number, then a more secure protocol is an important prerequisite.

What is HTTPS ?

In order to prevent unauthorized access, HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) , a protocol was developed by Netscape. HTTPS uses SSL as a sub-layer under its regular HTTP application layering.

SSL uses a cryptographic system that uses two keys to encrypt data – a public key known to everyone and a private or secret key known only to the recipient of the message.

It is more secure way of sending request to server from a client, In which the communication purely encrypted which means no one can know what you are looking for.

For HTTPS connection public key trusted and signed certificate is required for the server. These comes either free or costs few dollars depending on the signing authority.

Similarity between HTTP and HTTPS

In many ways https is identical to http as it follows same basic protocol. Both HTTP and HTTPS client establishes a connection to server on standard port. When server receives a request it returns a message containing the required message. Both systems use the same Uniform Resource Identifier (URO) scheme so that it is universally identified.

Difference between HTTP and HTTPS

HTTP

HTTPS

URL begins with “http://”

URL begins with “https://”

Unsecured

Secured

Uses Port 80 for communication

HTTPS uses 443 for communication

Operates at Application Layer

Operates at Transport Layer(TLP)

No Encryption Technique used

Uses Encryption

No certificate Required

Certificate is Required.


How HTTPS works ?

At the time of https connection, the server responds to initial connection by offering a list of encryption methods it supports. In response, the client uses a connection method and server and client exchange certificates to authenticate their identities. Now both parties exchange the encrypted information after ensuring that both are using the same key and the connection is closed.

Https connection requires use of public key certificate having the key information with a verification of key owner’s identity. In other words we can say that HTTPS work similar to HTTP only SSL adds some spice in it.

Where HTTPS should be used ?

HTTPS is used in many situations including Banking Website, Payment Gateway , Shopping  Websites , Emails and Corporate Sector Website. While using your Credit Cards numbers on internet, make sure that the web address begins with https:// .If not try to avoid giving your sensitive information like credit card number.

Most newer browsers display a warning across the entire window if they receive an invalid certificate from the server. Some old browser offers a choice to user by presenting a dialog box asking user if they want to continue or not.

Modern browsers also display a “lock” icon in the status bar or, possibly, in the address field, when a secure https website is being accessed. Generally, you can click on the lock icon to display more information about the secure website.

Leave a Reply