Understanding HTTP and HTTPS Protocols and SSL/TLS Security.
HTTP
Hypertext Transfer Protocol, or HTTP, is the backbone of Internet communication. Hypertext refers to hyperlinks on a page that point to other resources. HTTP functions as a request-response cycle in a client-server architecture. Without HTTP, functions like file sharing, media streaming, messaging, and sending an email wouldn’t have been possible.
For example, a browser (the client) sends a web page request to a server; the server processes the request and sends a response back to the client. This exchange is called the request-response cycle, and HTTP is what makes it possible. HTTP is an application layer protocol of the OSI Model.
HTTP is a stateless protocol, which means that whenever you visit a page and then revisit the same page later, it treats you as a new user.
HTTPS
HTTPS is an extension of HTTP that uses encryption for secure communication. The “S” in HTTPS stands for “Secure”. HTTPS communication is encrypted using TLS/SSL, so the protocol is also referred to as HTTP over TLS or HTTP over SSL. HTTPS creates a secure channel over an unsecured network, which protects the traffic from attacks such as eavesdropping and man-in-the-middle. Around 80% of the world’s websites run on HTTPS, but that doesn't mean that HTTP 1 is outdated; there are still websites that run on HTTP.
HTTP vs HTTPS
| Feature | HTTP | HTTPS |
| --- | --- | --- |
| Full Form | Hyper Text Transfer Protocol | Hyper Text Transfer Protocol Secure |
| Security | Data is transferred in plain text. | Data is encrypted using SSL/TLS. |
| Encryption | Not encrypted | Encrypted for confidentiality and integrity |
| URL Structure | http:// | https:// |
SSL and TLS
SSL
SSL, or Secure Socket Layer, is an Internet security protocol used by HTTPS. SSL is the older predecessor of TLS. Its job is to encrypt data between the client and the server. SSL provides confidentiality, integrity, and authentication. To maintain confidentiality, SSL uses encryption; for integrity, it uses hashing; and for authentication, it uses certificates.
Encryption: Converting plain text into coded information called “cipher text”.
Hashing: The process of applying a hash function to data to produce a fixed-size output.
Certificate: A digital document used to establish the authenticity of the website. The certificate contains the signature of the certificate authority and the public key used for encryption.
TLS
Transport Layer Security is a cryptographic protocol designed to provide secure communication over a computer network. It is the successor to SSL (Secure Sockets Layer) and is used extensively to protect data privacy, integrity, and authenticity in modern Internet communications. TLS ensures that data transmitted between two systems, such as a client and a server, remains private and secure.
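The three properties above depend on how the client is configured, not only on using an https:// URL. The following added example (not part of the original article) uses Python's standard ssl module to audit a client configuration for disabled certificate authentication and for a protocol floor that still admits SSL or early TLS; the helper names, the finding labels and the TLS 1.2 floor are assumptions made for this illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client settings that keep certificate authentication on and refuse SSL/early TLS."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # floor assumed for this example
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed misconfiguration, used only as input for the audit below."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE               # server certificate is never validated
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx: ssl.SSLContext, floor=ssl.TLSVersion.TLSv1_2) -> list:
    """Return findings that weaken authentication or allow legacy protocol versions."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-cert-verification: the CA signature on the certificate "
                        "is not checked, so the server is not authenticated")
    if not ctx.check_hostname:
        findings.append("no-hostname-check: a valid certificate issued for a "
                        "different site would be accepted")
    lowest = ctx.minimum_version
    # MINIMUM_SUPPORTED is a negative sentinel meaning "whatever the library allows".
    if lowest == ssl.TLSVersion.MINIMUM_SUPPORTED or 0 <= lowest < floor:
        findings.append(f"legacy-protocol-allowed: minimum version is {lowest.name}, "
                        f"below {floor.name}")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        result = audit_context(ctx)
        print(name, "->", "no findings" if not result else "")
        for finding in result:
            print("  -", finding)
```

Without certificate and hostname verification the channel is still encrypted, but the client cannot tell the real server from a man-in-the-middle, which is the attack HTTPS is meant to prevent.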
Common HTTP Codes
HTTP status codes state whether the HTTP request you made succeeded or failed. There are 5 categories of HTTP codes.
Informational responses (ranging from 100-199)
Successful responses (ranging from 200-299)
Redirection messages (ranging from 300-399)
Client error responses (ranging from 400-499)
Server error responses (ranging from 500-599)
Let us have a look at the most commonly used HTTP Codes.
200 OK: The request was successful, and the server has sent back the requested data.
400 Bad Request: The request is invalid or malformed.
401 Unauthorized: Authentication is required to access the resource.
403 Forbidden: The server understands the request but refuses to authorize it.
500 Internal Server Error: The server encountered an error while processing the request.
HTTP Methods
HTTP methods are also known as HTTP verbs. These methods let us perform operations over the HTTP protocol, such as getting a resource from the server or putting some data on the server. Let's take a closer look at the methods.
GET
The GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should not contain request content.
HEAD
The HEAD method asks for a response identical to a GET request but without a response body.
PUT
The PUT method replaces all current representations of the target resource with the request content.
POST
The POST method submits an entity to the specified resource, often causing a change in state or side effects on the server.
DELETE
The DELETE method deletes the specified resource.
CONNECT
The CONNECT method establishes a tunnel to the server identified by the target resource.
OPTIONS
The OPTIONS method describes the communication options for the target resource.
TRACE
The TRACE method performs a message loop-back test along the path to the target resource.
PATCH
The PATCH method applies partial modifications to a resource.