Hypertext Transfer Protocol Secure (HTTPS) is a protocol with which websites and data can be encrypted and securely exchanged between web servers and web browsers on the Internet. It uses end-to-end encryption and authentication.
What is HTTPS we told you about The abbreviation HTTPS stands for Hypertext Transfer Protocol Secure. It is a protocol for the secure transmission of information on the Internet. It is mainly used for encrypted communication between a user’s web browser and the web server.
HTTPS was originally developed by Netscape and published in their browser. Today all popular browsers support HTTPS. The installation of additional software is not necessary and we told you What is an SSL Certificate With the Hypertext Transfer Protocol Secure, confidentiality and integrity can be established when exchanging data between client and server on the World Wide Web. The protocol uses end-to-end encryption and authentication for this.
From a technical point of view, the protocol inserts an additional layer between HTTP (Hypertext Transfer Protocol) and TCP ( Transmission Control Protocol ). With the help of authentication, the communication partners can check the identity of the other when establishing the connection. This prevents phishing or man-in-the-middle attacks.
As a rule, only the requested web server authenticates itself; although client authentication is also possible, it is rarely used. Encrypted connections can be recognized in the address line of the browser starting with “https: //” instead of “http: //”. In addition, the browser displays symbols in front of the address, such as a lock as an indication of an encrypted connection.
How the Hypertext Transfer Protocol Secure (HTTPS) works
The Hypertext Transfer Protocol Secure uses TLS ( Transport Layer Security ) as an intermediate layer between HTTP and TCP. TLS uses various mechanisms for the secure connection. Communication partners authenticate themselves using certificates. The SSL certificates are issued by a trustworthy authority, a so-called Certificate Authority (CA). The actual communication is encrypted by a session key that is only valid for the respective session.
Usually only the service provider (web server) authenticates itself to the client with a certificate. This ensures that the user is actually connected to the web server that he has addressed. As far as the actual retrieval of the website from the web server is concerned, HTTPS is identical to HTTP. Pages are requested via requests and then delivered by the server with its response if you need free ssl we support this.
The Hypertext Transfer Protocol Secure uses port 443 as the standard port.Unencrypted HTTP is usually carried out via port 80. A web server needs an SSL library such as OpenSSL in order to be able to deliver pages via HTTPS. In almost all common web hosting installations, an SSL library is either already included or can be easily retrofitted.
Use of the Hypertext Transfer Protocol Secure “HTPPS”
The main application for the Hypertext Transfer Protocol Secure is the secure transmission of web pages on the Internet. The use of HTTPS is also being pushed by search providers such as Google, as encrypted pages are rewarded with better positions in the result lists. The increasing use of open, usable for the general public WLANs contributes to the spread of HTTPS, as wireless -User can protect the end-to-end encrypted connections from unauthorized interception of other Wi-Fi users. The content is then encrypted independently of the WLAN protocol. Since TLS represents its own intermediate layer between TCP and higher-layer protocols, it can be used to secure other protocols such as SMTPS, IMAPS and FTPS.
Special features and security aspects of the Hypertext Transfer Protocol Secure
With the Hypertext Transfer Protocol Secure, the trustworthiness of the server’s identity largely depends on the authenticity of the certificate. The web browser has to decide whether the identity of the web server can be trusted based on a list of trusted CAs and a validity date. However, improper work by the certification authorities or illegally acquired certificates can compromise the secure authentication of the Hypertext Transfer Protocol Secure.
HTTPS: The “S” stands for “Security”
By default, websites are transmitted using the HTTP (Hypertext Transfer Protocol) protocol. HTTPS is a variant of HTTP that promises additional security. This is achieved by encrypting the exchanged data. Encryption is carried out using SSL (Secure Sockets Layer) or the more modern successor TLS (Transport Layer Security), which is why there is sometimes talk of “HTTP via SSL / TLS”.
In addition to the encryption of the exchanged data, which prevents reading and manipulation of this data, HTTPS also ensures a verification of the legitimacy of the websites visited. This is because, through a certificate issued by certain test centers, they prove that they are actually the legitimate website operating under a certain domain that the user wanted to contact, and that no one has tampered with the security resources. Modern browsers automatically check these certificates and warn the user if the certificate is incomplete, has expired, issued by an unknown certification authority or is otherwise untrustworthy, or if it has been changed for no apparent reason.
Area of application: (Almost) the entire Internet
The first area in which HTTPS was used extensively was online shopping. Many Internet department stores use this to secure their payment transactions and the exchange of sensitive customer data. Later, email providers and social networks followed suit, protecting their customers’ login data (especially passwords ) during transmission with HTTPS.
In recent years, HTTPS has become more and more popular. It is used by default to ensure the authenticity of websites, secure user accounts and protect communication, identity and surfing habits of users – and thus improve data protection for them.
There have been some spectacular attacks on HTTPS in recent years, above all those that exploited the “Heartbleed bug” in the “OpenSSL” SSL / TLS library. This bug has now been fixed. If systems are retrofitted with the newer, more secure OpenSSL version through current updates , this risk no longer exists. And despite the media coverage of Heartbleed, HTTPS remains a useful and important technology for Internet security and privacy.
Don’t ignore warnings lightly – What is HTTPS
HTTPS connections can usually be recognized (in addition to the relevant addition in front of the address) by a lock symbol in the browser. Many browsers also color the HTTPS addition or the entire address line green to indicate a secure connection.
However, the presence of HTTPS alone does not offer complete protection. The users themselves have to contribute to this. In addition to updating the software used and in particular the browser, users can protect themselves primarily through careful surfing behavior. Today’s web browsers make this easy: They issue clearly visible and easy-to-understand warning messages if a website secured by HTTPS cannot provide a trustworthy certificate. This warning should not be lightly ignored. This is particularly true if a warning has never been issued on the website concerned.