HTTP vs HTTPS


While surfing the internet, have you noticed that some website URLs start with http:// while others start with https://? Have you wondered what the difference is? The simple answer is that HTTP lets us communicate over the internet but transmits data in plain text, which a third party can read, while HTTPS does the same but encrypts the data before transmission so that no third party can read it; in other words, HTTPS adds a layer of security to HTTP. Let's dive deeper and learn more about HTTP and HTTPS.
HTTP (Hypertext Transfer Protocol) is a set of rules that allow your browser and a website’s server to communicate. When you visit a website, your browser sends a request to the server, which then responds with the requested data. However, this data is sent as plain text, making it easy for others to intercept. HTTPS (Hypertext Transfer Protocol Secure) is a more secure version of HTTP. It encrypts the data exchanged between your browser and the server, keeping it safe from hackers and ensuring secure communication.
How Does HTTP Work?
HTTP is a set of rules that helps web browsers and servers communicate. It operates at the application layer of the OSI model. When you visit a website, your browser sends an HTTP request to ask for data. For example:
If you want to view a webpage, your browser sends a GET request.
If you fill out a form and submit it, your browser sends a PUT request to send that data to the server.
The server then responds with an HTTP response, which includes both data and a status code. Some common status codes are:
200 (OK): The request was successful.
400 (Bad Request): There was something wrong with the request.
404 (Not Found): The requested page or resource doesn’t exist.
This request-response process happens in the background, making sure websites work smoothly for everyone.
When an origin server receives an HTTP request, it sends an HTTP response, which looks like this:
HTTP/1.1 200 OK
Date: Wed, 30 Jan 2025 12:14:39 GMT
Server: Apache
Last-Modified: Mon, 28 Jan 2025 11:17:01 GMT
Accept-Ranges: bytes
Content-Length: 12
Vary: Accept-Encoding
Content-Type: text/plain
Hello World!
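The wire format of that response, as an added example that is not part of the original article: headers end at a blank line (CRLF CRLF), and because nothing is encrypted, anyone who captures the bytes can split them into status, headers and body. The function name `parse_response` and the byte string are constructed for illustration.

```python
# Constructed sample: the article's response as raw bytes on the wire.
RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Wed, 30 Jan 2025 12:14:39 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Length: 12\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Hello World!"
)


def parse_response(raw: bytes) -> dict:
    """Split a plaintext HTTP/1.1 response into status line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        # Split on the first colon only; header values may contain colons.
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # A body shorter or longer than declared means truncation or tampering.
    declared = int(headers.get("content-length", len(body)))
    if declared != len(body):
        raise ValueError(f"Content-Length {declared} != body length {len(body)}")
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}


if __name__ == "__main__":
    resp = parse_response(RAW_RESPONSE)
    print(resp["status"], resp["reason"], resp["body"].decode())
```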
How Does the HTTPS Protocol Work?
HTTP sends data without encryption, making it easy for others to intercept and read. To fix this, HTTPS was introduced, adding security through SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
For a website to use HTTPS, it must get an SSL/TLS certificate from a trusted organization called a Certificate Authority (CA). This certificate helps verify the website’s identity and enables encrypted communication between the browser and the server.
Here’s how the process works:
You visit a website using https:// in the URL.
Your browser asks the website’s server for its SSL certificate to confirm its identity.
The server sends its SSL certificate, which includes a public key for encryption.
If the certificate is valid, your browser uses the public key to encrypt a message containing a session key and sends it to the server.
The server decrypts this message using its private key, retrieves the session key, and sends back an acknowledgment.
Now, both the browser and the server use this session key to encrypt and securely exchange data.
This encryption process ensures that sensitive information, like passwords and credit card details, remains safe from hackers.
The S in HTTPS stands for "secure." HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so in the example above, instead of the text, an attacker would see a bunch of seemingly random characters.
Instead of:
GET /hello.txt HTTP/1.1
User-Agent: curl/7.63.0 libcurl/7.63.0 OpenSSL/1.1.l zlib/1.2.11
Host: www.example.com
Accept-Language: en
The attacker sees something like:
t8Fw6T8UV81pQfyhDkhebbz7+oiwldr1j2gHBB3L3RFTRsQCpaSnSBZ78Vme+DpDVJPvZdZUZHpzbbcqmSW1+3xXGsERHg9YDmpYk0VVDiRvw1H5miNieJeJ/FNUjgH0BmVRWII6+T4MnDwm
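The session-key steps listed above and the plaintext-versus-ciphertext contrast, as an added toy example that is not part of the original article and is not real TLS. The key sizes, the SHA-256 keystream cipher and all function names are assumptions chosen so the exchange runs with the Python standard library alone.

```python
import hashlib
import secrets

# Toy RSA key pair for the "server", constructed for illustration only.
# Real certificates carry 2048-bit or larger keys, and TLS 1.3 derives session
# keys with ephemeral Diffie-Hellman; this mirrors the steps listed above.
P, Q = 2**127 - 1, 2**89 - 1        # two known Mersenne primes
N, E = P * Q, 65537                 # public key, as carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))   # private key, never leaves the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def client_wrap_session_key(n: int, e: int):
    """Browser picks a random session key and encrypts it with the public key."""
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)


def server_unwrap_session_key(wrapped: int, d: int, n: int) -> bytes:
    """Server recovers the session key using its private key."""
    return pow(wrapped, d, n).to_bytes(16, "big")


def demo():
    request = b"GET /hello.txt HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    client_key, wrapped = client_wrap_session_key(N, E)
    server_key = server_unwrap_session_key(wrapped, D, N)
    on_the_wire = keystream_xor(client_key, request)    # what an observer captures
    recovered = keystream_xor(server_key, on_the_wire)  # what the server reads
    return request, on_the_wire, recovered, client_key == server_key


if __name__ == "__main__":
    req, wire, got, keys_match = demo()
    print("keys match:", keys_match)
    print("observer sees:", wire.hex())
    print("server reads:", got.decode().splitlines()[0])
```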
Why Choose HTTPS Over HTTP?
Next, we’ll discuss some benefits of HTTPS over HTTP.
Better Security
HTTP sends data as plain text, making it easy for hackers to see or steal information. In contrast, HTTPS encrypts data, keeping sensitive details like credit card numbers and personal info safe from attackers.
More Trust and Credibility
Search engines rank HTTPS websites higher because they are more secure. Users also trust HTTPS sites more because browsers show a padlock icon in the address bar, indicating a safe connection.
Faster Performance and Better Tracking
Websites using HTTPS load faster than those using HTTP. Also, HTTPS improves website tracking, helping businesses accurately analyze visitor sources like social media and ads.
Using HTTPS makes websites more secure, trustworthy, and efficient.
How Does TLS/SSL Encryption Work?
TLS uses public key cryptography:
Public key: Shared via the server’s SSL certificate.
Private key: Kept secret by the server.
Session keys: Generated by the client and server to encrypt the communication.
Once a secure connection is established, all HTTP requests and responses are encrypted, ensuring privacy and security.
Head-to-Head of HTTP vs HTTPS
Summary
The article explores the differences between HTTP and HTTPS, highlighting the importance of secure communication over the internet. HTTP transmits data in plain text, which can be intercepted by third parties, while HTTPS encrypts the data, providing enhanced security. The article explains how HTTP and HTTPS operate, the role of SSL/TLS certificates in HTTPS, and the benefits of using HTTPS, such as better security, increased trust and credibility, and improved website performance. Additionally, it delves into the technical aspects of TLS/SSL encryption and its significance in protecting sensitive information online.
Written by Ganesh Ghadage
