WHAT IS HTTP - HackMD

# WHAT IS HTTP The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser. --- HTTP functions as a request–response protocol in the client–server computing model. A web browser, for example, may be the client and an application running on a computer hosting a website may be the server. --- The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client. The response contains completion status information about the request and may also contain requested content in its message body. --- # HOW THE HTTP WORK ![](https://i.imgur.com/PvRph7g.png) --- # WHAT IS HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the HTTP. It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or, formerly, its predecessor, Secure Sockets Layer (SSL). --- The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL. The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication. --- # HOW HTTPS WORKS ![](https://i.imgur.com/Nl6d89x.png) --- # THE DIFFERENCE BETWEEN HTTP AND HTTPS ![](https://i.imgur.com/pPSlmAS.png) --- ![](https://i.imgur.com/Zv9WOIU.png) --- # What are TLS/SSL certificates? SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. --- The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information). It does this by making sure that any data transferred between users and sites, or between two systems remain impossible to read. --- It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses. --- TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption. --- # HOW TLS/SSL WORKS ![](https://i.imgur.com/qiFMhbC.png) --- ![](https://i.imgur.com/6Amjp1r.png)