HTTP and HTTPS
Today we are going to discuss two main communication protocol HTTP and HTTPS. we will take some basic concept about both.
Hypertext Transfer Protocol, or HTTP, is one of the most utilized protocols on the internet. HTTP traditionally runs on TCP port 80.
The ports can be changed for security or testing purposes, but all browsers will natively attempt to connect on port 80. HTTP is a plain text protocol designed to transfer hypertext. Its first RFC was ratified in 1997, but was later obsoleted by RFC2616 in 1999.
HTTP functions in a client/server request and response method. Generally, a client opens a browser and makes an HTTP request to a web server. The server will comply by providing whatever resources were requested via HTML, an image, and so on. Any application that accesses web content in any way is called a User Agent. This could be a browser, a mobile app, or a Search Engine Indexing Service.
There are some additional systems built to support HTTP, like caching servers. These can benefit high utilization sites by keeping static content cached for quick delivery to clients. Proxy servers often sit at the edge of an enterprise’s network. They act as a relay point for web traffic to provide filtering in Caching Services. HTTP resources are located via Uniform Resource Locators, or URLs. When requesting resources, a single connection can be used to transfer images, scripts, et cetera, which causes less latency for the transfer.
HTTP provides for several challenge response mechanisms to provide authentication. It can also employ authentication realms. This allows an authenticated user access to various authentication scopes under a single URL route. HTTP has several request methods that will perform different actions on the web server. The GET method is used to retrieve data. The HEAD method is identical to GET, but doesn’t include a response body. The POST method accept some action or information from the client.
This would be submitting a form or creating a post on a forum. The first line of an HTTP response is known as the status line, and includes a numbered status code and a text-based reason phrase. They come in five flavors, Informational, that begins with one, Successful, that begins with a two, Redirection, begins with a three, Client Error, begins with a four, and Server Error, begins with a five. HTTP is a core component of any internet connection. And with the rise of hosted browser-based services, it has become a essential.
HTTPS is a method to encrypt standard HTTP traffic. This is accomplished in layer seven of the OSI model via transport layer security, TLS, or the older secure socket layer, SSL. It creates a secure conduit for communication between the client and the server. HTTPS is commonly used for banking, online purchases, and email, or anything and everything with sensitive and private data. Today, HTTPS is also starting to be used for more common services like search engines.
Encryption in https
Encryption protects against man in the middle attacks as well as interception of sensitive information. Encrypting with HTTP and TLS adds the additional benefit of encrypting all of the underlying protocol. This means the exact url, cookies, and headers are all hidden. The encryption process hinges on digital certificates. These digital certificates contain public tokens used in the cryptographic process. They are issued by known and trusted certificate authorities, or CA’s.
A server that wishes to host the secure website must go through the certificate enrollment process. They first create a request, this request is then sent to a CA who generates a certificate. This issued certificate can then be installed on the server. Web browsers have a list of major CA’s and can verify certificates as they are presented by various websites. Of the top 150,000 websites, 30% employ some form of HTTPS. This percentage is steadily growing day by day.
HTTPS is essential for modern day web based communications. It provides the confidence necessary to transmit the most sensitive pieces of information over the internet.
Latest posts by Hamza Arif (see all)
- Wide area networks (WAN) & Metropolitan area networks (MAN) - August 18, 2018
- Understanding the Internet, intranets, and extranets - August 17, 2018
- Exploring network collisions, CSMA/CD, and CSMA/CA - August 16, 2018