Saturday, November 10, 2012


HTTPS or HTTP over SSL


HTTPS (Hypertext Transfer Protocol Secure, or HTTP over SSL) is a secure way of using HTTP. HTTPS was developed by Netscape. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate. HTTP provides almost no security features; it contains only basic authentication mechanisms and no support for privacy. HTTPS allows secure e-commerce transactions, such as online banking. A user can tell that they are connected to a secure website when the website URL begins with https:// instead of http://. HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.

HTTPS is the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. The browser uses SSL or TLS when connecting to a secure part of a website indicated by an HTTPS URL. Suppose you visit an online shopping website. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send" to send the page back to the online retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.
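The layering described above, as an added example that is not part of the original post: the client opens a TCP connection to port 443, adds a TLS sublayer that validates the server's X.509 certificate and host name, and then sends exactly the same HTTP request bytes it would send over port 80. The host `shop.example` used in testing and all function names are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint(url):
    """Return (scheme, host, port, path) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme], parts.path or "/"


def build_request(host, path):
    """The HTTP request bytes are identical for http:// and https://."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def client_context():
    """TLS settings that validate the server certificate and its host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_status_line(url, timeout=5.0):
    """Open TCP, add the TLS sublayer for https, then speak ordinary HTTP."""
    scheme, host, port, path = endpoint(url)
    host_header = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    with socket.create_connection((host, port), timeout=timeout) as tcp:
        # The handshake raises ssl.SSLCertVerificationError on a bad certificate.
        chan = (client_context().wrap_socket(tcp, server_hostname=host)
                if scheme == "https" else tcp)
        with chan:
            chan.sendall(build_request(host_header, path))
            reply = b""
            while b"\r\n" not in reply:
                chunk = chan.recv(4096)
                if not chunk:
                    break
                reply += chunk
    return reply.split(b"\r\n", 1)[0].decode("latin-1")


if __name__ == "__main__":
    print(fetch_status_line("https://example.com/"))  # needs network access
```

If certificate validation fails, the handshake raises an exception before any HTTP bytes are written, so the request never leaves the client.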
