HTTP: – Hyper Text Transfer Protocol
HTTPS: – Hyper Text Transfer Protocol Secure
In simple Words HTTP or Hypertext Transfer Protocol is a system to send and receive data between user and server and in other words HTTP and HTTPS, both are internet protocols which are used to access HTML (web) pages. Whenever we try to access a website our browser use HTTP or HTTPS (based on server configuration) protocols to show results. Let’s start with the major differences between HTTP and HTTPS.
Major Differences between HTTP and HTTPS
Hypertext Transfer Protocol
It’s Use Port 80 to communicate and to transfer data
Its looks like – http://www.sitename.com
HTTP is not a secure protocol
Data Encryption is not available
Certification not available
Application Layer Supportable
Normal websites use HTTP
Hypertext Transfer Protocol Secure
It’s Use Port 443 to communicate and to transfer data
Its looks like – https://www.sitename.com
HTTPS is a secure protocol
Data Encryption is available
Transport Layer Supportable
Used by high end websites where security is required (like Bank Account Logins, Email Logins etc)
In very simple words, we can say that HTTP is a non secure system to access websites and HTTPS is a secure version to access them. But the thing to understand is how this security works and which things makes HTTPS more secure than HTTP.
Port Difference Between HTTP and HTTPS
The very first difference between HTTP and HTTPS is they use different ports to communicate. Where Http use port 80 on the other hand https protocol use port 443 to send and receive information between server (who hold the information) and visitor (who requires that information). According to some reputed engineers 443 port is more secure than port 80 but I think Port difference is not a big deal and it’s (ports) cannot make protocol secure or insecure. Then who makes HTTPS more secure. Let’s see below.
Certification is required in HTTPS
The first thing (according to me) which makes a HTTPS server more secure is certification. Whenever we try to access some data from a HTTPS based server first it’s send a certificate to our browser and then only it’s send any information to us. Let’s see how it works.
Let’s start a session – Suppose I’m trying to access a bank’s site (abcbank.com) which is based on HTTPS. I type abcbank.com in my browser. Our browser will check that on which protocol this site is hosted (http or https) and then automatically transfer it to that protocol and request it to the server. When server receives our request then before continuing it will send a certificate to our browser and our browser will save that certificate in its memory. After getting the certificate the connection between our browser and server will secure. But do you know how? After certification whenever we access any data during the same session from the server then it (server) will check the certificate before sending any confidential or non confidential information to us which clearly means that no one (like a hacker) will able to access our confidential information during that session. server will send the data to the certificate holder only. No other person will be able to interrupt our session and will not be able to theft our data during that session.
There are two types of security layers available which can be used by HTTPs servers – SSL (Secure Shokets Layer) and TLS (Transport Layer Security).
Data Encryption method in HTTPS
Encryption is a method which is used to change text data in a secret form so that no other person (third party) can read it. There are three types of Encryption methods available which we’ll try to explain in our coming articles. let’s continue with the current topic.
The other most important feature of HTTPS is; it does encrypt the data before sending.
Note : – While exchanging certificates the https servers also send a decrypt key to the browsers. The work of this key is to decrypt the encrypted information send by the server; which means that only the certificate holder can decrypt the data and will be able to see that information in text (readable) mode.
So these are the major differences is in between HTTP and HTTPS protocols. Any suggestions or edits can be explained in comments.