HTTP和HTTPS的差异

HTTPS协议、标准的HTTP，当需要确保网络上所传输信息的完整性和机密性时，特别是在Internet这样的公共网络上，其中的一种方法就是使用HTTPS协议。

HTTPS为正常的HTTP包封装了一层SSL(Secure Sockets Layer，安全套接字层)。

和其他支持SSL的应用程序互相通信时，可以确保机密性。

SSL实际上是运行在TCP/IP层上的一种协议，他通过对称加密和数字认证来加密数据。只有当客户和服务器两端的系统都以SSL模式执行时，才能在两者之间建立一个SSL连接，并能够完成相互间的鉴别。

SSL对所要传输的数据进行加密，但对底层的请求消息和响应消息并无影响，当消息体（message body）构造完毕后，就会加密，在另一端，当消息体从HTTP消息取出来时，就解密。

 

附原文：

HTTP Versus HTTPS

You've probably noticed that the request and response message text shown in the previous examples
all have been standard readable text. This is fine when you don't need to protect the data; however,
you would never want to send confidential data in the clear. When you need to ensure the integrity and
privacy of information that is sent over a network, especially an open one like the Internet, one of the
options is to use the HTTPS protocol, rather than standard HTTP.
HTTPS is normal HTTP wrapped by a Secure Sockets Layer (SSL). SSL is a communication system
that ensures privacy when communicating with other SSL-enabled applications. It's really just a
protocol that runs on top of the TCP/IP layer. It encrypts the data through the use of symmetric
encryption and digital certificates. An SSL connection can be established between a client and server
only when both systems are running in SSL mode and are able to authenticate each other.
The fact that SSL encrypts the transmitted data has no impact on the underlying request and response
messages. The encryption and subsequent decryption on the other side occur after the message body is
constructed and is decoupled from the HTTP portion of the message.