http 和 https 的区别 [英] Difference between http and https

问题描述

HTTP 和 HTTPS 标头有什么区别?

1. 在 HTTP 上使用 HTTPS 有什么好处?
2. 网站HTTPS需要做哪些设置?
3. 我们可以使用 HTTPS 仅用于登录目的，然后使用 onwords HTTP 吗?
4. HTTPS 中是否存在任何威胁?
5. HTTPS 所需的处理时间是否比 HTTP 长?
6. HTTPS 是否比 HTTP 花费更多?

解决方案

1. 在 HTTP 上使用 HTTPS 有什么好处?

HTTPS 意味着您通过 TLS/SSL 隧道传输 HTTP 协议，该协议会加密 HTTP 有效负载.所以好处是 HTTP 请求和响应是通过网络安全传输的，例如您的互联网服务提供商不知道您在做什么.

<块引用>

1. 如何使用 HTTPS?

在您的端点启用它，通常是在您的应用程序服务器前面的 Web 服务器.大多数 Web 服务器(例如 IIS、Apache)通过配置支持这一点.根据您的保密要求，这可能还不够.

<块引用>

1. 我们可以使用 HTTPS 仅用于登录目的，然后使用 onwords HTTP 吗?

从技术上讲，这是可能的，但它会带来一些安全风险.示例:安全登录后，您传输标识用户的会话 ID.如果您不安全地传输这些会话 ID(无 SSL)，会话劫持就会成为风险(中间人")

<块引用>

4. 网站HTTPS需要做哪些设置?

见#2.在公共互联网场景中，您应该向某个证书颁发机构 (CA) 请求(购买)证书，以便最终用户客户端可以验证他们是否应该信任您的证书.

<块引用>

5. HTTPS 中是否存在任何威胁?

在协议本身中存在轻微的中间人攻击风险.例如.客户端和服务器之间的代理可以伪装成服务器本身(这需要成功攻击网络基础设施，例如 DNS).还有其他几个与协议本身无关的更模糊"的风险，例如:

• 使用过时的加密密钥长度(例如 256 位)
• 私钥丢失或不适当的密钥管理程序(例如通过未加密的电子邮件发送)
• 证书颁发机构失败(只需查看 2011 年的新闻稿)

<块引用>

6. HTTPS 所需的处理时间是否比 HTTP 长?

是的，密钥协商(握手)需要大量 CPU 容量.

What is difference between HTTP and HTTPS header?

1. What are benefits of using HTTPS over HTTP?
2. What settings needs to be done for making website HTTPS?
3. Can we use HTTPS for only login purpose and then onwords HTTP?
4. Is there any threat present in HTTPS?
5. Is processing time required for HTTPS is greater than HTTP?
6. Does HTTPS cost more than HTTP?

解决方案

1. What are benefits of using HTTPS over HTTP?

HTTPS means that you tunnel the HTTP protocol over TLS/SSL which encrypts the HTTP payload. So the benefit is that HTTP requests and responses are transmitted securely over the wire, e.g. your Internet Service Provider does not know what you're doing.

2. How to use HTTPS?

Enable it at your endpoint, in general a web server in front of your application server. Most web servers (e.g. IIS, Apache) support this by configuration. Depending on your confidentiality requirements this may not be enough.

3. Can we use HTTPS for only login purpose and then onwords HTTP?

Technically this is possible, but it introduces some security risks. Example: After a secured login you transmit session IDs identifying the user. If you transmit those session IDs unsecurely (no SSL), session hijacking becomes a risk ('man-in-the-middle')

4. What settings needs to be done for making website HTTPS?

See #2. In public internet scenarios you should request (buy) a certificate from a certain Certificate Authority (CA), so that end user clients can verify whether they should trust your certificate.

5. Is there any threat present in HTTPS?

In the protocol itself there is a slight risk of man-in-the-middle attacks. E.g. a proxy between the client and server could pretend to be the server itself (this requires a successful attack to network infrastructure, e.g. DNS). There are several other 'more obscure' risks that do not relate to the protocol itself, e.g.:

• usage of an outdated encryption key length (e.g. 256 bit)
• loss of private keys or unappropriate key management procedures (e.g. send via unencrypted email)
• certificate authority failure (just look at press releases in 2011)

6. Is processing time required for HTTPS is greater than HTTP?

Yes, key negotiation (handshaking) requires a lot CPU capacity.

这篇关于http 和 https 的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！