Here is your guide to what does https mean, why nowadays this protocol matters and how is it different from the outdated http?
What Does https Mean?
HyperText Transfer Protocol Secure (HTTPS) is a secure version of HTTP, which is the primary protocol used to transfer data between a web browser and a website.
HTTPS is encrypted to increase data security. This is especially important when users transfer sensitive data, such as by signing in with a bank account or email.
Any website must use HTTPS.
In modern web browsers, such as Chrome, websites that do not use HTTPS are marked differently than those that do.
Look for a green lock in the URL bar that indicates that the webpage is secure.
Web browsers take HTTPS seriously.
When we talk about the https protocol, it’s worth mentioning that Google Chrome and other browsers mark all non-HTTPS websites as insecure.
How does HTTPS work?
HTTPS uses an encryption protocol to encrypt the connection.
The protocol is called Transport Layer Security (TLS), although it was formerly known as Secure Sockets Layer (SSL).
This protocol provides communication protection using the so-called asymmetric public key infrastructure.
This type of security system uses two different keys to encrypt the connection between the two parties:
- Private key – This key is managed by the website owner, and it is stored, as the reader may assume, private. This key exists on the web server and is used to decrypt information encrypted with the public key.
- Public key – this key is available to anyone who wants to communicate with the server in a secure way. Information encrypted with a public key can only be decrypted with a private key.
Why is HTTPS important?
Now as you know what does https mean we may speak about why do we need it.
HTTPS prohibits websites from transmitting information so that it can be easily viewed by anyone with access to the network.
When information is sent using regular HTTP, the information is broken down into data packets that can be easily explored using free software.
This makes communication over an unsecured connections, such as public Wi-Fi, vulnerable to data interception.
In fact, all connections made over HTTP are in plain text, making them accessible to anyone with the right tools and vulnerable to attacks.
With the HTTPS protocol, traffic is encrypted in such a way that even if packets are intercepted, they will be in the form of meaningless characters.
On websites without HTTPS, Internet Service Providers (ISPs) or other resellers may enter content on web pages without the permission of the website owner.
HTTPS eliminates the possibility of unmoderated third-party hacking and embedding of their advertising in your web content.
HTTPS versus HTTP
Technically speaking, the HTTPS protocol is not a separate protocol from HTTP.
It’s just using TLS / SSL encryption over HTTP.
HTTPS is based on the transmission of TLS/SSL certificates that confirm that a particular provider is who it should be.
When a user connects to a web page, the web page sends its SSL certificate, which contains the public key needed to start a secure session.
The two computers, the client and the server, then go through a process called the SSL/TLS handshake, which is a series of feedback used to establish a secure connection.
Many web hosting providers and other services offer TLS / SSL certificates for a fee.
More expensive certificates are available, which can be registered individually for certain web resources.
Source: www.cloudflare.com
