Terms And Tips

HTTPS Versus HTTP Protocol

The HTTP protocol uses a plain Transmission Control Protocol (TCP). The TCP is unencrypted and therefore can be intercepted by an attacker on the network. Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) though the same application layer protocol but with a different default TCP port (443 instead of 80) and an additional encryption and authentication layer between the HTTP and TCP. This ensures protection from eavesdroppers and man-in-the-middle attacks. Encrypted Secure Sockets Layer (SSL) is now superseded by Transport Layer Security (TLS), but TLS still referred to using the old name.

Before accepting HTTPS connections the administrator must create a public key certificate for the web-server. Certificates can be created with tools such as OpenSSL. This certificate must be signed by a certificate authority, which certifies that the certificate holder is indeed the entity it claims to be. Web browsers are generally distributed with the signing certificates of major certificate authorities.

SSL/TLS uses a cryptographic system with two keys to encrypt data, a public key known to everyone and a private or secret key known only to the recipient of the message. URL s that require an SSL connection start with "https:" instead of "http:".

You will notice the padlock symbol (Internet Explorer) on a secure connection.