HTTPS protocol
THe HTTPS protocol is used whenever there is a need to safely and securely transfer data between machines on the World Wide Web.
HTTPS requires a TLS certificate to be installed on your server. You can apply certificates to different protocols, like HTTP (web), SMTP (email) and FTP. An SSL or TLS certificate works by storing your randomly generated keys (public and private) in your server. The public key is verified with the client and the private key used in the decryption process.
HTTP is just a protocol, but when paired with TLS or transport layer security it becomes encrypted.
You may know TLS by another acronym, SSL. Secure socket layer or SSL was the original way we secured the Internet. As we evolved our standards, we retired SSL, but the acronym remains the more popular term for TLS.
If you look at a network Stack diagram HTTP is at the top, on top of TLS, which sits on top of the TCP and IP layers.
I know those are a lot of acronyms but don’t worry.
When HTTP is combined with TLS you get HTTPS This secure version of HTTP.
The HTTPS Handshake
When your browser connects to an HTTPS server, the server will answer with its certificate. The browser checks if the certificate is valid:
- the owner information need to match the server name that the user requested
- the certificate needs to be signed by a trusted certification authority
If one of these conditions is not met, the user is informed about the problem.
When HTTP is used, a series of handshakes takes place.
The initial request is sent to the server for a verification. When the server responds that it is the desired server the client then sends a hello message.
At this point the communication becomes encrypted.
Is to exchange encryption keys or ciphers.
At this point the reader communication can proceed. The initial handshakes steps take place in a matter of milliseconds.