Hypertext transfer protocol(HTTP) is the mode of communication used in internet browsers where data transfers to and fro user and server Secured Hypertext Transfer Protocol(HTTPS) is a secured mode of communication where data transfer happens using encryption
When using http, first a connection is created between the web browser and the server. Then a request is generated which flows to the server. In response the server sends back any message or result of the request. The request and response follows the same URI scheme When using https, first the server sends a list of supported encryption methods to create connection. The client selects any one method from the list. Then they exchange their certificates for authentication. Once connection is created, the encrypted information get transferred between client and server. For this the same key is used between the two. After the data transfer is complete the connection is closed
If a communication is based on HTTP, the url has https:// at the beginning.For example: For HTTPS communication, url starts with https://For example:
The data transfer in http occurs using Transmission Control Protocol (TCP) port number 80 by default. No other port has the access to it Https uses Transmission Control Protocol (TCP) port number 443 for enabling communicate. It is the default port and cannot be altered
It is unsecured as it does not follow any authentication during its communication. Thus it is easily accessible It is much secured as it uses secured way to communicate
It does not follow any encryption. Hence information has the change to be hacked HTTPS communication needs an encrypted format for data transfer
It does not require any certificate to be installed for communication. Thus it is much simple way to transfer data It follows SSL (Secured Socket Layer) protocol wherein all the confidential information like username, passwords, credit card numbers, social security ids etc. are transferred in a secured and encrypted manner
HTTP performs its operation in application layer. Application layer helps in communication using shared protocols. It is basically an abstract layer HTTPS performs its operation in transport layer. Transport layer in computer networking is the layer in which end-to-end data transfer takes place
In HTTP, the user sends data and the receiver receives it, irrespective of how the data flow is happening. Http is not concerned with how data is being transferred from start point to end point In HTTPS, SSL differentiates the identity between a sender and a receiver. Thus starting and ending points are unique. Moreover the data flows in a very secured and encoded form, The SSL uses algorithms to encapsulate the data by hiding its original meaning
It is less expensive as it does not require any security certificates. Moreover it does not use SSL for data flow. Thus any website can go for http easily HTTPS is more expensive as the encrypted certificates cost high. Thus many websites are not migrated to https yet
It has the ability to cache. Hence it is user friendly It does not allow to cache thus many websites avoid using it
Performance wise it is bit faster It becomes slower due to the encryption method used in SSL
It works smoothly in virtual hosts i.e. the less expensive host provider that uses a single server to generate multiple websites HTTPS does not work in virtual host. For each website using https, the host must be unique. This approach is to maintain security
In short, HTTP is the basic protocol used for data transfer Precisely, HTTPS is basically an http with a much more secured approach