HTTP vs HTTPS | difference between HTTP and HTTPS
This page compares HTTP vs HTTPS describes difference between HTTP and HTTPS. HTTP stands for Hyper Text Transfer Protocol and HTTPS stands for Hyper Text Transfer Protocol Secure.
HTTP-Hyper Text Transfer Protocol
Figure-1 depicts simple HTTP connection between client (web user) and web server. As shown this is unsecured HTTP connection and hence prone to intrusion or attack by the hackers. It uses normal TCP/IP and UDP protocols. The normal IP header header is used for routing and data is not encrypted before transmission.
HTTPS-Hyper Text Transfer Protocol Secure
Figure-2 depicts secured HTTPS connection between client (web user) and web server. As shown, as this is secured HTTPS connection in which data is encrypted before transmission, the data is safe for transportation over the connection. This data can not be intruded or attacked by any hackers. Various tunneling protocols are used in order to provide security at layer-2 (data link layer), layer-3 (network layer) and layer-4 (transport layer). IPsec protocol is used at layer-3. TLS/SSL protocols are used at layer-4 i.e. transport layer.
HTTPS uses SSL certificates in order to encrypt the data to be transmitted with the use of public key. Owner of public key can share the key with anyone using the SSL certificate. There is another key known as private key used for encryption process.
Following is the tabular difference between HTTP and HTTPS.
|Full Form||Hyper Text Transfer Protocol||Hyper Text Transfer Protocol Secure|
|Definition||HTTP is used for unsecured communication over internet.||HTTPS is used for secured communication over computer network used as internet.|
|Scrambling||HTTP do not scramble the data to be transmitted using code, hence there is a chance that transmitted information is prone to hacking by intruders or hackers.||HTTPS scramble the data with code before transmission and does reverse at receiver to recover back the original data. Hence transmitted information is secure and can not be hacked.|
|Security protocols||Do not use any security protocols.||It uses security protocols at transport layer SSL/TSL and also at layer-2 and layer-3.|
|Authentication, Privacy, Integrity||Do not support all these.||Support all these, provide authentication of websites visited by visitor. It also provides privacy and integrity of the data exchanged between client and server.|
|Applications||HTTP is used for normal web browsing, email messenger applications.||HTTPS is mainly used for payment and banking transactions on world wide web (www) , official email transfer and other sensitive transactions done by corporate companies.|
|Port number||It uses port number 80 or 8080.||It uses port number 443.|
|Protocol used||It operates at TCP/IP model.||HTTPS is not a separate protocol, it operates using ordinary HTTP but over encrypted TLS/SSL connection.|
|Reference RFCs||It uses RFC 2616, RFC 7230, RFC 7231||It uses RFC 2818, RFC 5246|