What is the Difference Between Http and Https?

http is hyper text transfer protocol which is responsibleensures reasonable protection from eavesdroppers
for transmitting and receiving information across theand (provided it is implemented properly and the top
Internet where as https is secure http, which is usedlevel certification authorities do their job properly)
exchanging confidential information with a server,man-in-the-middle attacks.
which needs to be secured in order to preventThe default TCP port of an https: URL is 443 (for
unauthorized access.unsecured HTTP, the default is 80). To prepare a
HTTP is Hyper Text Transport Protocol and isweb-server for accepting https connections the
transmitted over the wire via PORT 80(TCP). Youadministrator must create a public key certificate for
normally use HTTP when you are browsing the web,the web-server. These certificates can be created for
it's not secure, and so someone can eavesdrop on theLinux based servers with tools such as Open SSL's
conversation between your computer and the webssl or SuSE's gensslcert. This certificate must be
server. HTTP can support the client asking for asigned by a certificate authority of one form or
particular file to be sent only if it has been updatedanother, who certifies that the certificate holder is who
after a certain date and time. This would be used if thethey say they are. Web browsers are generally
client has already retrieved a copy of a file by thatdistributed with the signing certificates of major
name from that server, but wants to check to see if itcertificate authorities, so that they can verify
has been updated since then. The server respondscertificates signed by them.
either with the updated file, with a message to say theMain Features
file has not been changed, or with a message that theDedicated to HTTP protocol, show a wide range of
file no longer exists.HTTP related information, request and response
HTTPS (Hypertext Transfer Protocol over Secureheader, content, sent and received cookies, stream,
Socket Layer or HTTP over SSL) is a Web protocolquery strings, post form values…
developed by Netscape and built into its browser thatRequest builder, Users can handcraft an HTTP
encrypts and decrypts user page requests as well asrequest by using the HTTP Request Builder, or they
the pages that are returned by the Web server.can use a drag-and-drop operation to move an
HTTPS is really just the use of Netscape's Secureexisting request from the session grid to the Request
Socket Layer (SSL) as a sub layer under its regularBuilder to execute it again.
HTTP application layering. (HTTPS uses port 443Hex Viewer allows users to view and edit binary files
instead of HTTP port 80 in its interactions with thein hexadecimal and textual format. New
lower layer, TCP/IP.) SSL uses a 40-bit key size forDisplays Winsock traffic originating from Java applets
the RC4 stream encryption algorithm, new-ageand JavaScript embedded in a Web page, displays
browsers use 128-bit key size which is more secureWinsock traffic originating from ActiveX controls and
than the former, it is considered an adequate degreeCOM objects instanced by an application (Stand-alone
of encryption for commercial exchange. HTTPS isEdition Only)
normally used in login pages, shopping/commercial sites."Before request and after response" browser cache
How it Workcomparisons
Https is not a separate protocol, but refers to theSupport HTTPS, show you unencrypted data sent
combination of a normal HTTP interaction over anover HTTPS / SSL connections, HTTPS is available if
encrypted Secure Sockets Layer (SSL) or Transportthe application uses the Microsoft WININET API (ex. ie,
Layer Security (TLS) transport mechanism. Thisoutlook) or Mozilla NSS API. (ex.