HTTPS and HTTP – Hypertext Transfer Protocol


What is HTTP?

HTTP is an application layer protocol which allows the fetching of resources.

It is a client-server protocol. The messages sent by the client are requests and the messages sent back by the server are called responses.

It can be sent over TCP or over TLS-encrypted TCP connections.

Difference between HTTP and HTTPS

The most significant difference between HTTP and HTTPS is that HTTPS requests are secured at the Transport Layer with TLS and HTTP requests are not.

What are the protocol layers? TCP/IP?

The internet protocol suite (TCP/IP) is a conceptual model for the set of communication protocols used on the internet.

TCP, the suite's transport protocol, is connection oriented and ensures reliable data transfer between the sockets of two processes.

Protocol Layers

TCP Handshake

The TCP three-message handshake is the method through which a TCP/IP connection is established between a client and a server over an IP-based network.

It is also known as the SYN-SYN-ACK handshake. There are three messages transmitted by TCP to negotiate and start a TCP session.

It stands for SYNchronize, SYNchronize-ACKnowledgement, ACKnowledge.

The three-way handshake is as follows:

  1. Client sends server a special TCP segment
    • The SYN (synchronise) segment (SYN bit set to 1 in TCP header)
  2. The server receives the SYN and, if agreeable, sends back a SYNACK (SYN Acknowledgement)
  3. Client then sets SYN bit to 0, sends back an ACK.

What is the significance of proxies in an HTTP-based system?

In the client-server model, there is rarely a single client machine and a single server machine communicating directly with each other.

The layered nature of the web means that there are numerous computers performing different functions such as:

  • Caching (public or private like the browser cache)
  • Filtering (parental controls and antivirus)
  • Load Balancing
  • Authentication
  • Logging

HTTP is stateless

HTTP is stateless, meaning that there is no link between two requests carried out successively on the same connection.

HTTP is not sessionless

HTTP being stateless may seem like a problem when trying to interact with certain pages coherently e.g. e-commerce shopping baskets.

HTTP cookies allow for the use of stateful sessions. Cookies can be added to workflows to allow session creation, so that successive requests share the same context and the same state.

What is the path of an HTTP request across the internet?

A user will enter a URL into the address bar of their browser.

1. DNS Lookup

All website URLs have a corresponding IP address for where that server/computer is located.

If the browser has never visited the website before, the browser requests a DNS lookup. A name server fulfils the request and returns the IP address for where the server is located.

This IP address will usually be cached for a period of time by the browser so that subsequent requests for that website are faster since the DNS lookup isn’t required.

2. TCP Handshake

Once the IP address of the server is known, the browser sets up a connection to the server via a TCP three-way handshake.

This mechanism negotiates the parameters of the TCP sockets before transmitting data, usually over HTTPS.

3. TLS Negotiation

For secure connections established over HTTPS, another handshake is required.

This extra handshake is called the TLS Negotiation.

It determines the cipher that will be used to encrypt the communication, verifies the server and establishes that a secure connection is in place before beginning the data transfer.

This extra handshake requires three more round trips before the request data is sent.

From MDN Mozilla Website

What is an HTTP Cookie?

An HTTP cookie / web cookie / browser cookie is a small piece of data that a server sends to the user’s web browser.

The browser will often store this information and send it back with the next request to the same server.

It remembers stateful information for the stateless HTTP protocol.

There are three main purposes for cookies:

  1. Session management
    • Logins
    • Shopping carts
    • Or anything the server should remember
  2. Personalization
    • User preferences
    • Settings
  3. Tracking
    • Recording and analyzing user behaviour.
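
The stateless/session behaviour described above, as an added example that is not part of the original page: a toy "add to basket" endpoint keeps state server-side and links requests only through a session cookie. The names `handle_request`, `Browser`, `SESSIONS` and `sid` are hypothetical, and the `Secure`, `HttpOnly` and `SameSite` attributes and the rejection of unknown session ids are hardening choices this example assumes, not something the page prescribes.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side state: session id -> basket contents

def handle_request(headers, item):
    """Toy 'add to basket' endpoint; returns (response_headers, basket)."""
    cookie = SimpleCookie(headers.get("Cookie", ""))
    sid = cookie["sid"].value if "sid" in cookie else None
    response_headers = {}
    if sid not in SESSIONS:
        # Missing or unknown id: never adopt a client-chosen value,
        # always mint a fresh unguessable one on the server.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        out = SimpleCookie()
        out["sid"] = sid
        out["sid"]["path"] = "/"
        out["sid"]["secure"] = True      # only sent over HTTPS
        out["sid"]["httponly"] = True    # not readable from page scripts
        out["sid"]["samesite"] = "Lax"   # limits cross-site sending
        response_headers["Set-Cookie"] = out["sid"].OutputString()
    SESSIONS[sid].append(item)
    return response_headers, list(SESSIONS[sid])

class Browser:
    """Minimal client: stores Set-Cookie values and sends them back."""
    def __init__(self, keep_cookies=True):
        self.keep_cookies = keep_cookies
        self.jar = SimpleCookie()

    def add_to_basket(self, item):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(
                f"{name}={morsel.value}" for name, morsel in self.jar.items())
        response_headers, basket = handle_request(headers, item)
        if self.keep_cookies and "Set-Cookie" in response_headers:
            self.jar.load(response_headers["Set-Cookie"])
        return basket

if __name__ == "__main__":
    no_cookies, with_cookies = Browser(keep_cookies=False), Browser()
    for item in ("book", "pen"):  # constructed sample requests
        print("stateless:", no_cookies.add_to_basket(item),
              "| session:", with_cookies.add_to_basket(item))
```

Without the cookie, each request starts from an empty basket; with it, the second request sees the item added by the first.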

