+ Start a Discussion
SFDC coderSFDC coder 

how to identify an https implementation?

Hi All,

This question may sound a bit stupid but i was very confused with the concept hence thought of posting here.

In an integration, how to we identify if its an http implementation or an https implementation.
As per my undertanding,
1. If the target endpoint starts with https and you are able to hit that url using required certificates from salesforce, it can be considered as an https implementation
2.At the other end, say for example i am implementing an integration between SAP and salesforce and SAP has set the transport protocol in their configuration as http with target url set to that of salesforce as "https//test.salesforce.com" and require self signed certificate from salesforce to be used while making outbound calls, in that case can this be considered as an https implementation?

Hope my understanding is correct.

Thanks in advance
NagendraNagendra (Salesforce Developers) 
Hi SFDC coder,

Please find the explanation below.

HTTPS: HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. 

HTTP: No client profile information is transferred with the query. Future HTTP protocols will be back-compatible with this protocol.
This restricted protocol is very simple and may always be used when you do not need the capabilities of the full protocol which is backwards compatible.
The definition of this protocol is in the public domain (see policy ).
The protocol uses the normal internet-style telnet protocol style on a TCP-IP link. The following describes how a client acquires a (hypertext) document from an HTTP server, given an HTTP document address.

Identifying the difference between HTTPS and HTTP: HTTPS URLs begin with "https://" and use port 443 by default, whereas HTTP URLs begin with "HTTP://" and use port 80 by default.

HTTP is not encrypted and is vulnerable to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify web pages to inject malware or advertisements.
HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of older, deprecated versions of SSL).
HTTP also doesn't require domain validation, where as HTTPS requires at least domain validation and certain certificates even require legal document validation.[24]

For more information please refer to the below links

http://searchsoftwarequality.techtarget.com/definition/HTTPS
https://en.wikipedia.org/wiki/HTTPS
https://www.w3.org/Protocols/HTTP/AsImplemented.html
https://www.w3.org/People/Frystyk/thesis/HTTPFeatures.html

Kindly mark this solution as solved if it helps you.

Best Regards,
Nagendra.P