Sunday 16 April 2017

What is HTTPS? How does it secure your browsing?

 HTTP stands for Hypertext Transfer Protocol. When you enter HTTP:// in your address bar in front of the domain, it tells the browser to connect over HTTP. HTTP uses TCP over port 80, to send and receive data packets over the web.

Now, HTTPS stands for Hypertext Transfer Protocol Secure. When you enter HTTPS:// in your address bar in front of the domain, it tells the browser to connect over HTTPS. HTTPS also uses TCP to send and receive data packets, but it does so over port 443, within a connection encrypted by Transport Layer Security. It uses a public key which is then decrypted on the recipient side. The public key is deployed on the server, and included in what you know as an SSL certificate. The certificates are cryptographically signed by a Certificate Authority (CA), and each browser has a list of CAs it implicitly trusts.

Good news. Your information is safe. The website you are working with has made sure that no one can steal your information. Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

HTTPS was actually created by Netscape Communications back in 1994 to use in its Netscape Navigator web browser. HTTPS originally used the SSL protocol which eventually evolved into TLS.

The SSL layer serves for two main purpose :
  • It is confirmed after using HTTPS that you are talking to server directly that you are thinking of.
  • It also ensures that only server reads the data you sent over network. No else can read it.

An SSL connection between client and server is establish by handshake which focuses on below things :
  • To make sure that client is talking to right server
  • Both parties have agreed on a 'cipher' which includes which encryption they will use to exchange data.
  • Both parties should agree key for this algorithm

As soon as connection is established, both parties can used agreed algorithm and keys to securely send messages to each other.