The SSL/TLS family of protocols (Secure Sockets Layer/Transport Layer Security) is used to secure communications between two end-points, usually a server and a client. When a browser accesses a web server using the HTTP protocol, the data is transmitted in the open. A third party that is able to intercept that conversation at one point in the network will be able to access and even modify the data being transmitted. A number of applications, such as making electronic payments over the Web and accessing sensitive corporate data, require a level of security that is not available from the HTTP protocol. The HTTPS protocol or Secure HTTP was developed to address those concerns. It improves the security of the HTTP protocol by providing
HTTPS encapsulates HTTP over the SSL/TLS family of protocols (Secure Sockets Layer/Transport Layer Security), which the rest of the chapters simply refer to as "SSL." The default port for the HTTPS protocol is 443, and HTTPS URLs are prefixed with https://. As you probably have experienced, most browsers provide visual feedback, usually in the form of a padlock next to the address bar, when connected to a site using the HTTPS protocol. |