HTTPS protocol

The HTTPS protocol is an extension of HTTP (Hypertext Transfer Protocol), which provides secure communication

HTTP is not secure by design.

When you open your browser and ask the web server to send you a web page, your data performs 2 trips: 1 time from the browser to the web server, and 1 time from the web server to the browser.

Then, depending on the content of the web page, you may need more connections to get CSS files, JavaScript files, images, etc.

During any of these connections, any network your data will traverse can beCheckedwithmanipulate.

The results can be serious: you may not even know that all network activities that a third party exists are monitored and recorded by the third party.May inject ads, And you may be subject to a man-in-the-middle attack, which is a security threat in which an attacker can manipulate your data and even simulate your computer through the network. It is very easy for someone to only listen to HTTP packets transmitted over public unencrypted Wi-Fi networks.

HTTPS aims to solve the problem fundamentally: the entire communication between the browser and the web server is encrypted.

Privacy and security are the main concerns of the Internet today. A few years ago, using only encrypted connections in login-protected pages or in the e-commerce checkout process can get out of trouble. In addition, due to the pricing and complexity of SSL certificates, most websites only use HTTP.

Today, HTTPS must be used on any site. Now, more than 50% of the entire Web uses it. Google Chrome recently started marking HTTP sites as insecure, which is a valid reason to enforce (mandatory) HTTPS on all sites.

When using HTTP, the default server port is 80, and on HTTPS it is 443. Of course, if the server uses the default port, there is no need to add it explicitly.

HTTPS is sometimes calledHTTP over SSL, OrHTTP over TLS.

The difference between the two is simple: TLS is the successor to SSL.

When using HTTPS, the only things that are not encrypted are the web server domain and server port.

All other information (including resource paths, headers, cookies and query parameters) are encrypted.

I will not analyze in detail how the TLS protocol works behind the scenes, but you might think it adds a lotElevated, Then you are right.

Any calculations added to the processing of network resources will result in overhead in the size of the client, server, and transmitted data packets.

However, HTTPS allows the use of the latest protocolHTTP/2, It has a huge advantage over HTTP/1.1: faster.

why? There are many reasons, one is header compression, and the other is resource reuse. One is server push: When a resource is requested, the server can push more resources. Therefore, if the browser requests a page, it will also receive all the required resources (images, CSS, JS).

In addition to the details, HTTP/2 is a huge improvement over HTTP/1.1It requires HTTPS. This means that despite the encryption overhead, if HTTPS is properly configured with modern settings, HTTPS will be much faster than HTTP.


More web tutorials: