HTTP
|
HTTPS
|
| Hypertext transfer protocol(HTTP) is the mode of communication used in internet browsers where data transfers to and fro user and server |
Secured Hypertext Transfer Protocol(HTTPS) is a secured mode of communication where data transfer happens using encryption |
| When using http, first a connection is created between the web browser and the server. Then a request is generated which flows to the server. In response the server sends back any message or result of the request. The request and response follows the same URI scheme |
When using https, first the server sends a list of supported encryption methods to create connection. The client selects any one method from the list. Then they exchange their certificates for authentication. Once connection is created, the encrypted information get transferred between client and server. For this the same key is used between the two. After the data transfer is complete the connection is closed |
| If a communication is based on HTTP, the url has https:// at the beginning.For example: https://www.example.com/index.html |
For HTTPS communication, url starts with https://For example: https://www.google.co.in/ |
| The data transfer in http occurs using Transmission Control Protocol (TCP) port number 80 by default. No other port has the access to it |
Https uses Transmission Control Protocol (TCP) port number 443 for enabling communicate. It is the default port and cannot be altered |
| It is unsecured as it does not follow any authentication during its communication. Thus it is easily accessible |
It is much secured as it uses secured way to communicate |
| It does not follow any encryption. Hence information has the change to be hacked |
HTTPS communication needs an encrypted format for data transfer |
| It does not require any certificate to be installed for communication. Thus it is much simple way to transfer data |
It follows SSL (Secured Socket Layer) protocol wherein all the confidential information like username, passwords, credit card numbers, social security ids etc. are transferred in a secured and encrypted manner |
| HTTP performs its operation in application layer. Application layer helps in communication using shared protocols. It is basically an abstract layer |
HTTPS performs its operation in transport layer. Transport layer in computer networking is the layer in which end-to-end data transfer takes place |
| In HTTP, the user sends data and the receiver receives it, irrespective of how the data flow is happening. Http is not concerned with how data is being transferred from start point to end point |
In HTTPS, SSL differentiates the identity between a sender and a receiver. Thus starting and ending points are unique. Moreover the data flows in a very secured and encoded form, The SSL uses algorithms to encapsulate the data by hiding its original meaning |
| It is less expensive as it does not require any security certificates. Moreover it does not use SSL for data flow. Thus any website can go for http easily |
HTTPS is more expensive as the encrypted certificates cost high. Thus many websites are not migrated to https yet |
| It has the ability to cache. Hence it is user friendly |
It does not allow to cache thus many websites avoid using it |
| Performance wise it is bit faster |
It becomes slower due to the encryption method used in SSL |
| It works smoothly in virtual hosts i.e. the less expensive host provider that uses a single server to generate multiple websites |
HTTPS does not work in virtual host. For each website using https, the host must be unique. This approach is to maintain security |
| In short, HTTP is the basic protocol used for data transfer |
Precisely, HTTPS is basically an http with a much more secured approach |
