HTTPS and SHTTP

kprakpra Member Posts: 11 ■□□□□□□□□□
Hi,

The Comptia Security+ talks about SHTTP and HTTPS.
In which one is for communication encryption and the other for data encryption.

Then why use HTTPS?rather can use SHTTP for data encryption?

What is the clear difference between these two??

Can anyone explain this?

Thanks.

Comments

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    HTTPS encrypts the communications layer. Think of it as HTTP running over SSL. SSL is a communications encrytion protocol. Because SSL encrypts communications you can use other application protocols with it such as ftp or smtp. SHTTP which isnt really used anymore encrypts only the data in the HTTPmessage. So with SHTTP, you will see the HTTP transactions unencrypted. Hope that makes sense.
  • quinnyflyquinnyfly Member Posts: 243 ■■■□□□□□□□
    SHTTP (Secure Hypertext Transfer Protocol) - Application layer encryption protocol
    SSL (Secure Sockets layer) - Session layer encryption protocol

    HTTP is an application layer protocol and primarily uses port 80, SSL is a session layer protocol and uses port 443.

    SHTTP uses symmetric key encryption and only encrypts the message, it is inferior to HTTPS or SSL over HTTP.

    I am pretty sure that was about all I needed to know for many of my exams about HTTPS and SSL with regard to their differences.
    The Wings of Technology
  • DarrilDarril Member Posts: 1,588
    Something else to consider related to Security+ is that SHTTP is not in the objectives for the current exam. In the previous version (SY0-201) you needed to understand HTTP vs HTTPS vs SHTTP. However, for the SY0-301 exam, SHTTP is not listed except as an acronym but HTTPS is listed in a few places.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    quinnyfly wrote: »
    SHTTP uses symmetric key encryption and only encrypts the message, it is inferior to HTTPS or SSL over HTTP.

    I am pretty sure that was about all I needed to know for many of my exams about HTTPS and SSL with regard to their differences.
    I can't comment on what is on the exam since I am not familiar with it. But glad to hear that they don't ask about SHTTP which is not used anymore icon_wink.gif

    One clarification. SSL uses symmetric keys as well. The protocol uses an asymmetric encryption algorithm like RSA to first encrypt a random symmetric key to exchange. Then the symmetric key is what's used to encrypt the data using a symmetric algorithm like AES. The reason is that symmetric algorithms are much faster for procssing larger amounts of data.
  • quinnyflyquinnyfly Member Posts: 243 ■■■□□□□□□□
    paul78 wrote: »
    I can't comment on what is on the exam since I am not familiar with it. But glad to hear that they don't ask about SHTTP which is not used anymore icon_wink.gif

    One clarification. SSL uses symmetric keys as well. The protocol uses an asymmetric encryption algorithm like RSA to first encrypt a random symmetric key to exchange. Then the symmetric key is what's used to encrypt the data using a symmetric algorithm like AES. The reason is that symmetric algorithms are much faster for procssing larger amounts of data.

    Very good explaination of key exchange with SSL.
    The Wings of Technology
  • kprakpra Member Posts: 11 ■□□□□□□□□□
    Thanks all for the replies.
  • joebannyjoebanny Member Posts: 84 ■■□□□□□□□□
    Here is my take on this in a layman's language: HTTPS (which is SSL over HTTP) secures the entire communicatin channel between 2 communicating systems while S-HTTP attempts to provide security by securing individual transactions between 2 systems but not the entire channel. So HTTPS provides better security. I hope it is layman enough!
Sign In or Register to comment.