CrazyEngineers
CrazyEngineers

  • What is the difference between http and https?

    safwan

    Member

    Updated: Oct 26, 2024
    Views: 1.1K
    Hi ,
    we students specially in 11 & 12 class come across varous terms like http and https .
    but actualyy i know full form (hyper text transfer protocol)
    but what is difference between http and https.
    means if we add "s" to http what make differece.
    recently i got an email even i posted on my blog but i am not soure about it .
    0
    Replies
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
Replies

  • Yamini L

    MemberMar 5, 2009

    HTTP(Hpertext Transfer Protocol) is a protocol used in application layer for transmitting and retrieving information across internet.Http request could be sent and you get a response for that..

    HTTPS(hypertext Transfer Protocol Secure) works by transmitting normal http interactions through an encrypted system and the information cannot be accessed by any party other than the client and end server. Two types of encryption layer available are Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both of which encode the data records being exchanged.

    Default Port number for HTTP is 80 and for HTTPS it is 443..
    Are you sure? This action cannot be undone.
    Cancel

  • zia.sepsis

    MemberMar 5, 2009

    miniy
    HTTP(Hpertext Transfer Protocol) is a protocol used in application layer for transmitting and retrieving information across internet.Http request could be sent and you get a response for that..

    HTTPS(hypertext Transfer Protocol Secure) works by transmitting normal http interactions through an encrypted system and the information cannot be accessed by any party other than the client and end server. Two types of encryption layer available are Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both of which encode the data records being exchanged.

    Default Port number for HTTP is 80 and for HTTPS it is 443..
    Thanks miny. Nice information
    Are you sure? This action cannot be undone.
    Cancel

  • safwan

    MemberMar 5, 2009

    thanks miniy good information.😎
    Are you sure? This action cannot be undone.
    Cancel

  • Sachin Jain

    MemberOct 22, 2010

    @miny
    Very nice info but m having some doubt..please clarify it
    How does the receiver know which of the two (SSL or TLS) encyrption is used ?
    Are you sure? This action cannot be undone.
    Cancel

  • Munguti

    MemberOct 22, 2010

    @bluderboy, the unique ports used will tell the reciever or server whether its HTTP-port 80 or HTTPS-port 443. This ports are unique and consistent. The also separate services such as mail, DNS and other applications and are used for managing sessions. You should read more on ports
    Are you sure? This action cannot be undone.
    Cancel

  • lovejeet

    MemberOct 24, 2010

    and please wat difference both makes if we use them.........................
    Are you sure? This action cannot be undone.
    Cancel

  • lovejeet

    MemberOct 25, 2010

    ya, that i got...............so why isn't it dat https should b mostly used??? plz enumerate all the differences on d basis of use n limitations n all............
    Are you sure? This action cannot be undone.
    Cancel

  • Ankita Katdare

    AdministratorFeb 4, 2016

    lovejeet
    ya, that i got...............so why isn't it dat https should b mostly used??? plz enumerate all the differences on d basis of use n limitations n all............
    Since it is one of the most important questions that has been left unanswered, I thought I should list down my answer here.

    If you want the short point-by-point answer, here we go -

    HTTP (or Hyper Text Transfer Protocol)
    1. It is an unsecured connection.
    2. There is no encryption.
    3. No certificates are required.
    4. The website URL begins with https://
    5. It uses port 80 for communication.
    6. Operates at Application Layer of the OSI network model.
    HTTPS (or Hyper Text Transfer Protocol Secure)
    1. It is an secured connection.
    2. It is an encrypted connection.
    3. No certificates are required.
    4. URL begins with “#-Link-Snipped-#
    5. It uses port 443 for communication
    6. Operates at Transport Layer of the OSI network model.
    If you want the long answer, read on -

    HTTP is the name of the protocol used to send & receive information over the internet. It turns out that when thousands of websites were getting built on the internet, many website owners wanted to exchange confidential information across different websites through a server. With HTTP protocol information would be accessed without secure authorisation. Therefore, Netscape corporation decided to create HTTPS, the secure version of HTTP to allow authorisation and secured transactions.

    HTTPS is a lot similar to HTTP as it follows the same basic protocols. They operate by a website URL sending information request to server which then responds with the status and a message. The status could be positive or negative depending upon the request.

    Since HTTP or HTTPS is a part of the URL, the form of request changes. If HTTPS is used instead of HTTP in a URL, the server knows that an 'encrypted' connection is being requested.

    HTTPS connection is typically desired in following scenarios:
    1. Log-in pages of websites
    2. Secure banking related transacations
    3. Corporate log-ins
    4. Websites where confidential information is exchanged between users and admin etc.
    Are you sure? This action cannot be undone.
    Cancel

  • TurtleDove

    MemberMar 21, 2016

    Http and Https both are the part of Url, and its uses the same protocol. The only difference between them is https is secured as the data requested or sent is in "ENCRYPTED".
    Are you sure? This action cannot be undone.
    Cancel

  • Stephen B Johnson

    MemberAug 5, 2016

    Start wireshark, tcpdump, or whatever packet capture tool you have access to and capture some packet transfers for #-Link-Snipped-# (which will use port 80) and #-Link-Snipped-# (which will use port 443).

    You will see the content using https:// (port 443) is all encrypted.
    Are you sure? This action cannot be undone.
    Cancel

  • Ken Peterson

    MemberMar 30, 2017

    HTTP stands for Hypertext Transfer Protocol. This protocol allows communication between different systems. When you type any web address, your browser acts as a client and the computer act as a server. HTTP uses TCP (Transmission Control Protocol), generally over port 80, to send and receive data packets over the web.
    How it functions?
    The client sends a request message to a HTTP server which hosts a website, the server then replies with the response message that contains completion status information, such as “HTTP/1.1 200 OK”.

    HTTPS stands for Hypertext Transfer Protocol Secure. This protocol allows a secure communication between different systems. It encrypts all data during the communication. HTTPS also uses TCP (Transmission Control Protocol) to send and receive data packets, but it does so over port 443, within a connection encrypted by Transport Layer Security (TLS).
    Are you sure? This action cannot be undone.
    Cancel

  • yogevo

    MemberJun 10, 2017

    This is the awesome website for students like me.
    Are you sure? This action cannot be undone.
    Cancel

  • rajmanisha

    MemberJul 5, 2017

    http is a unsecured connection while https is an encrypted secured connection.
    Are you sure? This action cannot be undone.
    Cancel

  • Rahul Jamgade

    MemberAug 21, 2017

    Ankita Katdare
    Since it is one of the most important questions that has been left unanswered, I thought I should list down my answer here.

    If you want the short point-by-point answer, here we go -

    HTTP (or Hyper Text Transfer Protocol)
    1. It is an unsecured connection.
    2. There is no encryption.
    3. No certificates are required.
    4. The website URL begins with https://
    5. It uses port 80 for communication.
    6. Operates at Application Layer of the OSI network model.
    HTTPS (or Hyper Text Transfer Protocol Secure)
    1. It is an secured connection.
    2. It is an encrypted connection.
    3. No certificates are required.
    4. URL begins with “#-Link-Snipped-#
    5. It uses port 443 for communication
    6. Operates at Transport Layer of the OSI network model.
    If you want the long answer, read on -

    HTTP is the name of the protocol used to send & receive information over the internet. It turns out that when thousands of websites were getting built on the internet, many website owners wanted to exchange confidential information across different websites through a server. With HTTP protocol information would be accessed without secure authorisation. Therefore, Netscape corporation decided to create HTTPS, the secure version of HTTP to allow authorisation and secured transactions.

    HTTPS is a lot similar to HTTP as it follows the same basic protocols. They operate by a website URL sending information request to server which then responds with the status and a message. The status could be positive or negative depending upon the request.

    Since HTTP or HTTPS is a part of the URL, the form of request changes. If HTTPS is used instead of HTTP in a URL, the server knows that an 'encrypted' connection is being requested.

    HTTPS connection is typically desired in following scenarios:
    1. Log-in pages of websites
    2. Secure banking related transacations
    3. Corporate log-ins
    4. Websites where confidential information is exchanged between users and admin etc.

    Minor Correction and adding few additional points:
    1. https require certificate . It could be issued by CA (Certificate Authority) or Self Signed.
    2.TLS works above the transport layer in the OSI model
    3. port 80 and port 443 are default ports for http and https. However you can change the ports at your will (by admin of the website), provided the ports are free.
    4. Though https is used for secure communication and was believed to be unbreakable, however there are ways by which the data can be read.In this case the user or victim can be tricked easily so that data can be sniffed.
    5. SSLv2 and SSLv3 are broken , so should not be used.
    Are you sure? This action cannot be undone.
    Cancel

  • Radhika Deshpande

    MemberOct 4, 2018

    Can we set http and https on same port?

    Are you sure? This action cannot be undone.
    Cancel

  • Kaustubh Katdare

    AdministratorOct 4, 2018

    Interesting question, #-Link-Snipped-# . To the best of my knowledge, running http and https on the same port is *not* possible with Apache. I think that's because there's some port-blocking.

    However, with NGINX, it's possible to run both http and https on the same port. It is likely to require patching; which I'd not recommend as it creates issues at the time of upgrading the web server.

    Here's a solution that I found on the server that seems to work with NGINX:

    Add ssl on; and error_page 497 $request_uri; to your server definition.

    Give it a try; but don't on a live or production server. You're likely to mess things up. Try this on a local installation and let me know what you observe. It'd be something very interesting. 

    Are you sure? This action cannot be undone.
    Cancel
Home Channels Search Login Register