HTTPS: HTTP over SSL

HTTPS : HTTP over SSL

Because SSL acts so much like TCP, and there are so many protocols that run over TCP, securing these protocols by creating an SSL channel is a common implementation. The implementation usually is one of two schemes. One is to use separate ports for the secure and non-secure protocols. The alternative is called upward negotiation : The application is modified to support a message to indicate that either the client or the server wants to upgrade to SSL; if the other side agrees, the SSL handshake begins.

In HTTP, a TCP connection is established and the client sends requests to the server, which in turn sends a response (a document). Using SSL, the client establishes a TCP connection and then (on top) an SSL channel. The HTTP requests are sent over the SSL channel; the server responds over the SSL connection. The server lets the client know that SSL should be used. The URL begins with https rather than http . HTTPS is a secure communication mechanism between an HHTP client and an HTTP server pair.

From the Session Layer, this is also a socket pair. By using TLS/SSL, HTTPS can offer a wide range of combinations between keying, cipher algorithms, and message digests. HTTPS provides symmetric capabilities for both client and server, meaning that requests and replies are both encrypted. This is accomplished by synchronizing the preferences of the client and server while following the application protocol of HTTP. HTTPS does not require client-side public key certificates to support this symmetric property of HTTP, so it is helpful in allowing users to connect to a secure sight without having to set up any notion of a public key from the client's perspective.