- slide 1 of 4
What is HTTP
As you begin to do a comparison on HTTP vs. HTTPS you need to know what they really are. HTTP and HTTPS are protocols used by web browsers to access content in the form of web pages. HTTP stands for Hypertext Transfer Protocol which is basically a network protocol for exchange of information in the various forms such as test, images, audio, video and several other forms. This information or data is passed back and forth between web browsers and web servers based on headers that describe how that information is to be transferred back and forth. For example it may not be appropriate to transfer large amounts of data embedded in a URL from a web form while little amounts of data such as user Ids session keys can be passed in the URL.
- slide 2 of 4
SSL stands for Secure Sockets Layer and is the predecessor to TSL which stands for Transport Layer Security. These are cryptographic protocols. Their main use is to provide security over the communication that is passed back and forth over the Internet. This is vital to protect sensitive data from unwanted sniffers.
In a nutshell security over these protocols is guaranteed through a procedure and series of checks. It starts out with the web browsers sending supported hash functions and suites and the server responds with the appropriate one that it also supports. The server identifies itself with a digital certificate. The browser contacts the issuer of the certificate to verify its authenticity. Once this is taken care of the web browser uses the servers public key to encrypt a random number that only the server can decrypt and this forms the basis for the encrypted communication between the web browser and the server.
This brings us to the question of what has all this got to do with HTTP and HTTPS? To answer the question let us take a look at HTTPS
- slide 3 of 4
HTTPS stands for Hypertext Transfer Protocol Secure. This is a protocol that serves the same purpose as HTTP but with added responsibilities. These responsibilities are tied in with SSL/TSL. Therefore Hypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol that is vital for providing a better communications security pipeline over the Internet which is insecure by nature. With that understanding we can now look at the differences.
- slide 4 of 4
HTTP communication is served through port 80 while HTTPS is served through port 443. The other noticeable differences is that URLs for HTTP start with the http prefix while HTTPS starts with the https prefix. HTTPS communication relies on the digital certificates provided for by the server without which you will have to access the website using HTTP. In HTTPS there is trust between the server and web browser unlike in HTTP. In HTTPS the information transmitted is encrypted while in HTTP it is not.
So when doing a comparison between HTTP vs HTTPS these are the key differences that are relevant to the two protocols from a user perspective.