HTTPS (HTTP Secure)
- HTTPS is HTTP wrapped in TLS/SSL encryption, which provides confidentiality, integrity, and authentication for web communications
- Uses port 443 by default (compared to HTTP’s port 80)
- Establishes secure tunnel before any HTTP data is transmitted
- Essential for protecting sensitive data like login credentials, financial information, and personal data
How HTTPS Works
- Client initiates connection to server on port 443
- TLS handshake occurs first to establish encryption parameters
- Server presents digital certificate to prove identity
- Client and server negotiate cipher suite and exchange keys
- All subsequent HTTP traffic is encrypted using agreed-upon methods
TLS Handshake Process
- Client Hello: Client sends supported TLS versions, cipher suites, and random number
- Server Hello: Server selects TLS version, cipher suite, sends certificate and random number
- Key Exchange: Client verifies certificate, generates pre-master secret
- Finished: Both sides derive session keys and confirm handshake completion
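
The Client Hello fields listed above (offered versions, cipher suites, random), as an added example that is not part of the original notes: a parser for a single unfragmented ClientHello record, run on a byte string constructed here rather than captured. `parse_client_hello`, `build_sample` and the two name tables are names chosen for this example.

```python
import struct

# Names for a few IANA-registered code points; unknown values are shown as hex.
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def parse_client_hello(record: bytes) -> dict:
    """Return the random, cipher suites and offered versions of one ClientHello record."""
    rec_len, hs_len = int.from_bytes(record[3:5], "big"), int.from_bytes(record[6:9], "big")
    msg = record[9:9 + hs_len]
    if (len(record) < 9 or record[0] != 0x16 or record[5] != 0x01
            or rec_len != hs_len + 4 or len(msg) != hs_len):
        raise ValueError("not a complete, unfragmented ClientHello record")
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("length field runs past the end of the message")
        pos += n
        return msg[pos - n:pos]
    legacy = int.from_bytes(take(2), "big")        # legacy_version field
    random = take(32)                              # client random
    take(take(1)[0])                               # session id (skipped)
    raw = take(int.from_bytes(take(2), "big"))     # cipher suite list, 2 bytes each
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]
    take(take(1)[0])                               # compression methods (skipped)
    versions = [legacy]                            # fallback if no supported_versions
    exts = take(int.from_bytes(take(2), "big")) if pos < len(msg) else b""
    i = 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack("!HH", exts[i:i + 4])
        data = exts[i + 4:i + 4 + elen]
        if etype == 43 and data:                   # supported_versions extension
            versions = [int.from_bytes(data[j:j + 2], "big") for j in range(1, len(data) - 1, 2)]
        i += 4 + elen
    return {"random": random.hex(), "cipher_suites": [SUITES.get(s, hex(s)) for s in suites],
            "versions": [VERSIONS.get(v, hex(v)) for v in versions]}


def build_sample() -> bytes:
    """Constructed ClientHello (not a capture): offers TLS 1.3 and 1.2, three suites."""
    suites = struct.pack("!3H", 0x1301, 0x1302, 0xC02F)
    ext = struct.pack("!HHB2H", 43, 5, 4, 0x0304, 0x0303)   # supported_versions
    body = (b"\x03\x03" + bytes(range(32)) + b"\x00" + struct.pack("!H", len(suites))
            + suites + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Calling `parse_client_hello(build_sample())` returns the offered versions, suite names and the random as hex; a record that is truncated or is not a handshake record raises `ValueError`.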
Vocabulary
| Term | Definition |
|---|---|
| TLS | Cryptographic protocol providing secure communication |
| SSL | Deprecated predecessor to TLS |
| Certificate Authority (CA) | Trusted third party that issues digital certificates |
| Digital Certificate | Electronic document proving identity |
| Cipher Suite | Set of algorithms for encryption and authentication |
Notes
- Always use HTTPS for any authentication or sensitive data
- Modern browsers mark HTTP sites as “Not Secure”
- Let’s Encrypt provides free certificates, making HTTPS accessible
- Mixed content warnings occur when HTTPS pages load HTTP resources
- TLS 1.3 is the current standard; older versions have vulnerabilities