📑 Table of Contents
Not to be confused with HTTPS.

Secure Hypertext Transfer Protocol (S-HTTP) is an obsolete alternative to the HTTPS protocol for encrypting web communications carried over the Internet. It was developed by Eric Rescorla and Allan M. Schiffman at Enterprise Integration Technologies in 1994[1] and published in 1999 as RFC 2660. Netscape's dominance of the browser market led to HTTPS becoming the de facto method for securing web communications.

Comparison to HTTP over TLS (HTTPS)

edit

S-HTTP encrypts only the served page data and submitted data like POST fields, leaving the initiation of the protocol unchanged. Because of this, S-HTTP could be used concurrently with HTTP (unsecured) on the same port, as the unencrypted header would determine whether the rest of the transmission is encrypted.

In contrast, HTTP over TLS wraps the entire communication within Transport Layer Security (TLS; formerly SSL), so the encryption starts before any protocol data is sent. This creates a name-based virtual hosting "chicken and egg" issue with determining which DNS name was intended for the request.

This means that HTTPS implementations without Server Name Indication (SNI) support require a separate IP address per DNS name, and all HTTPS implementations require a separate port (usually 443 vs. HTTP's standard 80)[2] for unambiguous use of encryption (treated in most browsers as a separate URI scheme, https://).

As documented in RFC 2817, HTTP can also be secured by implementing HTTP/1.1 Upgrade headers and upgrading to TLS. Running HTTP over TLS negotiated in this way does not have the implications of HTTPS with regards to name-based virtual hosting (no extra IP addresses, ports, or URI space). However, few implementations support this method.

In S-HTTP, the desired URL is not transmitted in the cleartext headers, but left blank; another set of headers is present inside the encrypted payload. In HTTP over TLS, all headers are inside the encrypted payload and the server application does not generally have the opportunity to gracefully recover from TLS fatal errors (including 'client certificate is untrusted' and 'client certificate is expired').[2]

References

edit
  1. ^ "The Secure HyperText Transfer Protocol". ietf.org. IETF. I-D draft-ietf-wts-shttp-01.txt. Retrieved 8 February 2022.
  2. ^ a b Tom Sheldon (2001). "S-HTTP (Secure Hypertext Transfer Protocol)". Retrieved 2016-01-01.
edit

📚 Artikel Terkait di Wikipedia

Department of Finance (West Bengal)

Project Clearance Committee Government e Marketplace finance.wb.gov.in [Shttps://www.indianbureaucracy.com/goutam-kumar-ghosh-ias-appointed-special-co

Spyglass, Inc.

to security, with Spyglass using the Secure Hypertext Transfer Protocol (SHTTP), while Netscape used its own Secure Sockets Layer (SSL). Spyglass did not

Vinay Varma

vis-a-vis death". 21 March 2024. "Dushala's unspoken truth". 7 November 2023. [shttps://www.thehindu.com/entertainment/theatre/sutradhars-adhikar-a-set-of-tw

Rump Shaker (song)

Angeles Times. 1992-11-29. Retrieved 2026-02-27. "Wreckx-N-Effect – Rump Shttps://www.billboard.com/charts/billboard-200/1996-11-16/haker". ARIA Top 50

Southern African Customs Union

Southern Africa (COMESA) Rules of origin Market access Free-trade area Tariff Shttps://www.sacu.int/docs/pr/2023/Press-Release-SACU-Chairmanship-Rotation-an

Laura Briggs

Duncan. Politics of Motherhood in Global Contexts syllabus. Oregon State. shttp://liberalarts.oregonstate.edu/sites/liberalarts.oregonstate

Dave Lindorff

"support" of ever-higher funding requests for each next year's budget. shttps://theithacan.org/news/park-center-for-independent-media-holds-11th-annual-izzy-awards/

Big Swoop

out on Garema Place. Wikimedia Commons has media related to Big Swoop. shttps://www.arts.act.gov.au/public-art/b/big-swoop "Community activations and