What is HTTPS

1. Introduction

Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP. The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web.

HTTP is an application layer protocol designed to transfer information between networked devices and runs on top of other layers of the network protocol stack. In HTTPS, the data is encrypted in order to increase security. This is important while sending sensitive and personal information like bank account, credit card numbers etc.

In modern web browsers such as Chrome, websites that do not use HTTPS are marked differently than HTTP. In the address bar (or URL bar) a padlock signifies that the webpage is secure. If the webpage is non-HTTPS, the website is shown as not secure in the address bar (or URL bar).

not secure website example

A website that uses HTTPS, uses https:// in the beginning of its URL, for example https://www.example.com. HTTPS uses certificates and so HTTPS avoids impersonation of server by confirming the identity of the server.

With HTTPS, data is encrypted in transit in both directions, i.e. client to server and server to client.

2. How does HTTPS work?

HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL).

HTTPS is not a separate protocol than HTTP. HTTPS uses TLS/SSL protocol over the HTTP protocol. HTTPS is HTTP with TLS encryption.

HTTPS uses TLS/SSL certificates to verify the identity. The communication between client and server is established by TLS handshake. HTTPS uses TLS(SSL) to encrypt normal HTTP requests and responses.

3. Why is HTTPS important?

In regular HTTP, the information is sent as packets of data which can be sniffed over the internet. So when communication is done over an unsecured medium, such as public Wi-Fi, the communication can be intercepted.
With HTTPS, traffic is encrypted, so even if the communication is intercepted the data can’t be read in its original form. In HTTP, the data is transported as plain text whereas in HTTPS, the data is encrypted.

Before encryption:

sample text to encrypt

After encryption:


4. Default port for HTTPS

The default port for HTTPS is 443. The default port for HTTP is 80.

5. Conclusion

In this tutorial, we discussed briefly about the HTTPS. Understanding HTTPS is the first step in understanding the application security. In upcoming tutorials, we’ll discuss other concepts related to security like encryption, certificates, TLS handshake etc.