Hyper Text Transfer Protocol it resides in layer 7(Application layer), it enables the client Brower can interacts with server.it works on web Browers. and Https is a layer 4 (Transport layer)

-> Http is insecure, it will not encrypt the data, so it is light weight, and it uses port:80

-> Https is secure, and it will encrypt and decrypts the data.it uses SSL/TLS protocols for encryption and decryption of data during transmission. And it provides certification Authority so your browser can understand to provides the security and it is heavier than Http and it uses port:443.

SSL encryption in two ways Asymmetric and symmetric way

Asymmetric Encryption (Public-Key Encryption):

• During the SSL/TLS handshake:

  • The server shares its public key with the client.

  • The client generates a session key (symmetric key) and encrypts it using the server's public key.

  • The encrypted session key is sent to the server.

  • The server decrypts the encrypted session key using its private key.

• Symmetric Encryption:

  • After the key exchange using asymmetric encryption:

    • Both the client and server have the same session key (symmetric key).

    • They use this shared session key for symmetric encryption and decryption of data during the rest of the session.

    • Symmetric encryption is faster and more efficient for encrypting and decrypting the actual data being transmitted.