https协议

HTTP in insecure by design.

HTTP在设计上是不安全的。

When you open your browser and ask a web server to send you a webpage, your data performs 2 trips: 1 from the browser to the web server, and 1 from the web server to the browser.

当您打开浏览器并要求Web服务器向您发送网页时，您的数据执行2次旅行：1次从浏览器到Web服务器，以及1次从Web服务器到浏览器。

Then, depending on the content of the web page, you might have more connections required to get the CSS files, the JavaScript files, images, and so on.

然后，根据网页的内容，您可能需要更多的连接才能获取CSS文件，JavaScript文件，图像等。

During any of those connections, any network your data is going to cross can be inspected and manipulated.

在任何这些连接期间，您的数据将要穿越的任何网络都可以得到检查和操纵 。

The consequences can be serious: you might have all your network activity monitored and logged, by a 3rd party you are not even aware it exist, some networks , and you might be subject to a man-in-the-middle attack, a security threat where the attacker can manipulate your data and even impersonate your computer over the network. It’s very easy for someone to just listen to HTTP packets being transmitted over a public and unencrypted Wi-Fi network.

结果可能是很严重的：您可能监视并记录了所有网络活动，而您甚至都不知道有第三方存在，因此某些网络 ，并且您可能会受到中间人攻击，这是一种安全威胁，攻击者可以在其中操纵您的数据，甚至通过网络模拟您的计算机。 对于某人而言，仅侦听通过公共未加密的Wi-Fi网络传输的HTTP数据包非常容易。

HTTPS aims to solve the problem at the root: the entire communication between your browser and the web server is encrypted.

HTTPS旨在从根本上解决问题：浏览器与Web服务器之间的整个通信都经过加密。

Privacy and security are a major concern in today’s internet. A few years ago, you could get away with just using an encrypted connection in login-protected pages, or during an e-commerce checkout. Also because of SSL certificates pricing and complications, most websites just used HTTP.

隐私和安全性是当今互联网的主要关注点。 几年前，仅在受登录保护的页面中或在电子商务结帐时使用加密连接就可以摆脱困境。 另外，由于SSL证书的定价和复杂性，大多数网站仅使用HTTP。

Today HTTPS is a requirement on any site. More than 50% of the whole Web uses it now. Google Chrome recently started marking HTTP sites as insecure, just to give you a valid reason to have HTTPS mandatory (and forced) on all your websites.

今天，在任何站点上都必须使用HTTPS。 现在，超过50％的整个Web都在使用它。 Google Chrome最近开始将HTTP网站标记为不安全，这是给您一个在所有网站上强制(强制)HTTPS的正当理由。

When using HTTP the default server port is 80, and on HTTPS it’s 443. It does not need to be explicitly added if the server uses the default port, of course.

使用HTTP时，默认服务器端口为80，而在HTTPS上为443。如果服务器使用默认端口，则无需显式添加该端口。

HTTPS is also sometimes called HTTP over SSL, or HTTP over TLS.

HTTPS有时也称为基于SSL的 HTTP或基于TLS的HTTP 。

The difference between the two is simple: TLS is the successor of SSL.

两者之间的区别很简单：TLS是SSL的后继产品。

When using HTTPS, the only thing that is not encrypted is the web server domain, and the server port.

使用HTTPS时，唯一未加密的是Web服务器域和服务器端口。

Every other information, including the resource path, headers, cookies and query parameters are all encrypted.

所有其他信息(包括资源路径，标头，cookie和查询参数)均已加密。

I won’t go in the details of analyzing how the TLS protocol works under the hoods, but you might think it’s adding a good amount of overhead, and you would be right.

我不会详细分析TLS协议在幕后的工作原理，但是您可能会认为这会增加大量开销 ，这是正确的。

Any computation that’s added to the processing of network resources causes overhead both on the client, the server, and to the transmitted packets size.

添加到网络资源处理中的任何计算都会导致客户端，服务器以及传输的数据包大小的开销。

However HTTPS enables the use of the newest protocol , which has a huge advantage over HTTP/1.1: it way faster.

但是，HTTPS启用了最新协议 ，它比HTTP / 1.1具有巨大的优势：速度更快。

Why? There are many reasons, one is header compression, one is resource multiplexing. One is server push: the server can push more resources when one resource is requested. So, if the browser requests a page, it will also receive all the resources needed (images, CSS, JS).

为什么？ 原因有很多，一种是报头压缩，一种是资源复用。 一种是服务器推送：当请求一种资源时，服务器可以推送更多资源。 因此，如果浏览器请求页面，它还将接收所有需要的资源(图像，CSS，JS)。

Details aside, HTTP/2 is a huge improvement over HTTP/1.1 and it requires HTTPS. This means that HTTPS, despite having the encryption overhead, happens to be way faster than HTTP, if things are properly configured with a modern setup.

除了细节之外，HTTP / 2是对HTTP / 1.1的巨大改进，它需要HTTPS 。 这意味着，尽管具有加密开销，但如果使用现代设置正确配置了HTTPS，HTTPS就会比HTTP快得多。

翻译自:

https协议