HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a secure version of the Hypertext Transfer Protocol (HTTP). The 'S' stands for 'Secure'.
It is a method of guaranteeing secure communication between a user's browser and a web server. It is often recognized by a green address bar or a padlock in the browser window, which indicates that the connection is secure.
How does HTTPS work?
HTTPS is based on one of two encryption protocols: Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Many websites use an SSL certificate to encrypt communication.
Both TLS and SSL use an asymmetric public key infrastructure, in which a 'public' key and a 'private' key are used to encrypt the data.
The private key is stored on the web server, while the public key is, as its name indicates, in the public domain and is used to decode the encrypted data sent from the web server, and vice versa.
When a browser initiates an HTTPS session with the web server, the server sends the public key to the browser and an 'SSL Handshake' (greeting) is carried out between the browser and the server. Once the secure connection has been initiated and accepted, the browser recognizes the link and shows it as secure, either through a green bar or a lock, depending on the type of SSL certificate used.
SSL is the acronym for Secure Sockets Layer, the standard technology for keeping an Internet connection secure, as well as for protecting any confidential information that is sent between two systems and preventing criminals from reading and modifying any data that is transferred, including information that could be considered personal. The two systems can be a server and a client (for example, a shopping website and a browser) or server-to-server (for example, an application with information that can be identified as personal or with payroll data).
This is done by making sure that all data that is transferred between users and websites or between two systems is impossible to read. It uses encryption algorithms to encode the data that is transmitted and prevent hackers from reading it when sending it through the connection. This information could be any confidential or personal information, for example, credit card numbers and other banking information, names and addresses.
TLS is the next generation of SSL: it allows and guarantees the exchange of data in a secure and private environment between two entities, the user and the server, through applications such as HTTP, POP3, IMAP, SSH, SMTP or NNTP. We refer to TLS as the evolution of SSL because it is based on the latter and works in a very similar way: it encrypts the shared information.
How is the information encrypted? By means of two protocols in different layers: the authentication protocol (called the TLS Record Protocol) and the mutual agreement protocol (also known as the TLS Handshake Protocol).
a) Record: authentication is carried out so that the data is transmitted over a private and reliable connection (the encryption and the integrity of the sender-receiver are negotiated).
b) Handshake: the message is negotiated securely. In each message, the protocol is specified in a field (called content_type), and the message is encrypted and packaged with a message authentication code (MAC).
Therefore, in the TLS protocol, a secure and encrypted channel is established between the client and the server, in which the cryptography of the message is negotiated, the encryption keys are authenticated and a secure transmission is made.
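The framing mentioned above can be seen directly on the wire: every TLS record starts with a five-byte header holding the content_type, two version bytes and a two-byte length, followed by the (possibly encrypted and MAC-protected) fragment. The parser below is an added example, not part of the original article; the sample bytes are constructed placeholders, and the names `parse_records` and `SAMPLE` are assumptions made for illustration.

```python
import struct

# Record-layer content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Version bytes as they appear in the record header
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MAX_FRAGMENT = 2**14 + 2048  # upper bound for an encrypted TLS 1.2 fragment


def parse_records(stream: bytes):
    """Split a byte stream into TLS records and return them as dicts."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content_type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds protocol limit")
        fragment = stream[offset + 5 : offset + 5 + length]
        if len(fragment) < length:
            raise ValueError("truncated record body")
        records.append({
            "content_type": CONTENT_TYPES[ctype],
            "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
            "length": length,
            "fragment": fragment,
        })
        offset += 5 + length
    return records


# Constructed sample: a handshake record (type 22) with a placeholder body,
# then an application_data record (type 23) whose 8 bytes stand in for
# ciphertext plus MAC.
SAMPLE = (
    bytes([22, 3, 3]) + struct.pack("!H", 4) + b"\x01\x00\x00\x00"
    + bytes([23, 3, 3]) + struct.pack("!H", 8) + b"\xaa" * 8
)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["content_type"], rec["version"], rec["length"])
```

A record header advertising version bytes 3.0 identifies SSL 3.0 traffic, which makes the same parser useful for spotting legacy protocol use in a capture.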
PDF file:
HTTPS, SSL, TLS - Vega, Ernesto