Understanding the HTTP and HTTPS communication

HTTP and HTTPS

Today we are going to discuss two main communication protocol HTTP and HTTPS. we will take some basic concept about both.



  1. HTTP
  2. HTTPS

HTTP

Hypertext Transfer Protocol, or HTTP, is one of the most utilized protocols on the internet. HTTP traditionally runs on TCP port 80.




The ports can be changed for security or testing purposes, but all browsers will natively attempt to connect on port 80. HTTP is a plain text protocol designed to transfer hypertext. Its first RFC was ratified in 1997, but was later obsoleted by RFC2616 in 1999.



client/server

HTTP functions in a client/server request and response method. Generally, a client opens a browser and makes an HTTP request to a web server. The server will comply by providing whatever resources were requested via HTML, an image, and so on. Any application that accesses web content in any way is called a User Agent. This could be a browser, a mobile app, or a Search Engine Indexing Service.



There are some additional systems built to support HTTP, like caching servers. These can benefit high utilization sites by keeping static content cached for quick delivery to clients. Proxy servers often sit at the edge of an enterprise’s network. They act as a relay point for web traffic to provide filtering in Caching Services. HTTP resources are located via Uniform Resource Locators, or URLs. When requesting resources, a single connection can be used to transfer images, scripts, et cetera, which causes less latency for the transfer.

Authentication mechanisms

HTTP provides for several challenge response mechanisms to provide authentication. It can also employ authentication realms. This allows an authenticated user access to various authentication scopes under a single URL route. HTTP has several request methods that will perform different actions on the web server. The GET method is used to retrieve data. The HEAD method is identical to GET, but doesn’t include a response body. The POST method accept some action or information from the client.

Status line

This would be submitting a form or creating a post on a forum. The first line of an HTTP response is known as the status line, and includes a numbered status code and a text-based reason phrase. They come in five flavors, Informational, that begins with one, Successful, that begins with a two, Redirection, begins with a three, Client Error, begins with a four, and Server Error, begins with a five. HTTP is a core component of any internet connection. And with the rise of hosted browser-based services, it has become a essential.

HTTPS

HTTPS is a method to encrypt standard HTTP traffic. This is accomplished in layer seven of the OSI model via transport layer security, TLS, or the older secure socket layer, SSL. It creates a secure conduit for communication between the client and the server. HTTPS is commonly used for banking, online purchases, and email, or anything and everything with sensitive and private data. Today, HTTPS is also starting to be used for more common services like search engines.

Encryption in https

Encryption protects against man in the middle attacks as well as interception of sensitive information. Encrypting with HTTP and TLS adds the additional benefit of encrypting all of the underlying protocol. This means the exact url, cookies, and headers are all hidden. The encryption process hinges on digital certificates. These digital certificates contain public tokens used in the cryptographic process. They are issued by known and trusted certificate authorities, or CA’s.

Certificate enrollment

A server that wishes to host the secure website must go through the certificate enrollment process. They first create a request, this request is then sent to a CA who generates a certificate. This issued certificate can then be installed on the server. Web browsers have a list of major CA’s and can verify certificates as they are presented by various websites. Of the top 150,000 websites, 30% employ some form of HTTPS. This percentage is steadily growing day by day.

HTTPS is essential for modern day web based communications. It provides the confidence necessary to transmit the most sensitive pieces of information over the internet.



Hamza Arif
Follow us

Hamza Arif

Hey, i hamza arif student of telecommunication from BZU, i am good in Networking, Telecommunication and Web Development working on different projects and try my best to teach them to all of you.
Hamza Arif
Follow us

Leave a comment

Your email address will not be published. Required fields are marked *