本文共 4045 字,大约阅读时间需要 13 分钟。
http与https
HTTP (Hyper Text Transfer Protocol) is the protocol that powers the web as we know it.
HTTP( 超文本传输协议 )是为网络提供动力的协议。
It sits on top of TCP, which sits on top of IP.
它位于TCP之上,而TCP则位于IP之上。
Web pages can either use HTTP or HTTPS (Hyper Text Transfer Protocol Secure).
网页可以使用HTTP或HTTPS( 安全的超文本传输协议 )。
How are they different? And, why is now HTTP being marked as non-secure by Chrome?
它们有何不同? 而且,为什么现在Chrome浏览器将HTTP标记为不安全?
When you request an HTTP page from a server, the data goes through many different networks, each controlled by a separate company or entity.
当您从服务器请求HTTP页面时,数据将通过许多不同的网络传输,每个网络都由单独的公司或实体控制。
Starting from the WiFi router, which might be owned by the coffee shop or by the city public network infrastructure, every single node in the network can see the request and the response, and modify it in any way.
从可能由咖啡店或城市公共网络基础设施拥有的WiFi路由器开始,网络中的每个节点都可以看到请求和响应,并可以以任何方式对其进行修改。
They might inject ads, they might inject malware, they might log any credentials you enter. A server in the middle can play as a man-in-the-middle, sending compromised information.
他们可能注入广告,他们可能注入恶意软件,他们可能会记录您输入的所有凭据。 中间的服务器可以扮演中间人的角色,发送受到破坏的信息。
This also applies to any internet protocol that’s not secured.
这也适用于任何不安全的互联网协议。
HTTPS traffic is end-to-end encrypted, and this means there is nothing in between that can read the information exchanged between you and the server at the other side of the network.
HTTPS流量是端到端加密的,这意味着它们之间没有任何内容可以读取您与网络另一端的服务器之间交换的信息。
By default, HTTP is served on port 80, while HTTPS is served on port 443. Those are the default ports, but a web server can choose to serve content on a different, random port, in which case you need to specify it in the address bar:
默认情况下,HTTP通过端口80提供服务,而HTTPS通过端口443提供服务。这些是默认端口,但是Web服务器可以选择在其他随机端口上提供内容,在这种情况下,您需要在地址栏:
http://flaviocopes.comhttp://flaviocopes.com:80/javascripthttps://flaviocopes.com:8081/javascript
No! It’s the opposite.
没有! 相反。
There is a myth around page speed. People think that the TLS handshake required for HTTPS is making page speed slower, but in reality, an HTTPS page can load up way, way faster than HTTP.
关于页面速度有一个神话。 人们认为HTTPS所需的TLS握手使页面速度变慢,但实际上,HTTPS页面可以以比HTTP更快的速度加载。
Why? Because of , the newest version of the HTTP protocol. HTTP/2 can serve requests in parallel, and requires a secure connection, so if your server uses a modern Web Server, which supports HTTP/2, then your web pages are going to have a significant speed bump when using HTTPS.
为什么? 由于 ,因此是HTTP协议的最新版本。 HTTP / 2可以并行处理请求,并且需要安全的连接,因此,如果您的服务器使用支持HTTP / 2的现代Web服务器,则使用HTTPS时,您的网页将出现明显的速度颠簸。
HTTP/2 introduces better parallelism, multiplexing, and compression, and that is an awesome update to HTTP.
HTTP / 2引入了更好的并行性,多路复用和压缩,这是对HTTP的绝佳更新。
See this page for an example: < and <
例如,请参见此页面:< 和<
Yes.
是。
In particular, HTTPS is going to give you an advantage in SEO terms.
特别 HTTPS将在SEO方面给您带来优势。
Also, Google is going to officially mark HTTP sites as non-secure in its Chrome browser, and this is clearly an indication that if you care what Google wants, and you want to take advantage of that, you should switch to HTTPS, as soon as possible. The best possible time would have been 3 years ago, the next best time is today.
此外,Google将会在其Chrome浏览器中将HTTP网站正式标记为不安全,这显然表明,如果您关心Google想要的内容,并且想要利用这一点,则应尽快切换到HTTPS。尽可能。 最好的时间应该是3年前,第二个最好的时间是今天。
Not at all. Thanks to free SSL certificates provided by Let’s Encrypt, the push for HTTPS had a huge impact and how every decent hosting provider is implementing it for free on all the accounts. Thanks to this, in 2018 .
一点也不。 感谢Let's Encrypt提供的免费SSL证书,对HTTPS的推动产生了巨大影响,并且每个体面的托管服务提供商如何在所有帐户上免费实施它。 因此,在2018年, 。
In the past having an SSL certificate for your site was a premium option that few were willing to purchase for a regular site, that was not making money or didn’t process user data.
过去,为您的站点提供SSL证书是一种高级选择,很少有人愿意为常规站点购买,这既不赚钱也不处理用户数据。
Nowadays there’s no excuse.
如今,没有任何借口。
翻译自:
http与https
转载地址:http://vqqgb.baihongyu.com/