HTTP is ‘Hypertext transfer protocol’ is a protocol responsible for communicating on the Internet. It is the fundamental block of the World Wide Web. HTTP is a stateless protocol since the server forgets the client once the transaction is over.
HTTPS, on the other hand, is HTTP running on top of SSL (Secure Sockets Layer) Most of our day to day transactions like shopping or bill payments are done online. This results in critical and vital data like credit card numbers and bank account numbers being sent online. This crucial data cannot fall into the wrong hands which might be used for malicious purposes.
This creates an absolute necessity that the communication between the server and client be secure. SSL ensures this secure channel of communication using cryptography. Most users are assured of the SSL guarantee by seeing the “padlock” on the left part of the address bar along with the “https” instead of “http.”
How is SSL implemented?
SSL is one practical application of cryptography that makes use of both symmetric and asymmetric encryption. SSL makes use of asymmetric public-private key pair and ‘symmetric session keys.’ A ‘session key’ is a one- time use symmetric key which is used for encryption and decryption. They are randomly chosen and are used only for any particular session.
- For the server and client to engage in a secure conversation, an ‘SSL certificate’ needs to be created and verified by the Certificate Authority (CA). This SSL certificate is installed on the server. (What Is SSL (Secure Sockets Layer) and What Are SSL Certificates? 2016)
- The browser next indicates that it would like to start a conversation with a secure server.
- The server sends its SSL certificate along with the server’s asymmetric public key.
- If the browser trusts the certificate, it encrypts the just created ‘symmetric session key’ with the server’s asymmetric public key and sends it back to the server.
- The server decrypts the symmetric session key with its own asymmetric private key.
- This decrypted session key is then used for creating a secure means of communication between the server and client. (Behind the Scenes of SSL Cryptography 2016)
It should be noted that both the client and server must enable SSL to secure communication between them. SSL works only by encrypting the communication and does not secure data once it has been delivered.
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu