Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while it is in transit. It protects against man-in-the-middle attacks, and the bidirectional block cipher encryption of communications between a client and server protects the communications against eavesdropping and tampering. The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates. This was historically an expensive operation, which meant fully authenticated HTTPS connections were usually found only on secured payment transaction services and other secured corporate information systems on the World Wide Web. In 2016, a campaign by the Electronic Frontier Foundation with the support of web browser developers led to the protocol becoming more prevalent. HTTPS is now used more often by web users than the original, non-secure HTTP, primarily to protect page authenticity on all types of websites, secure accounts, and keep user communications, identity, and web browsing private.

Wikipedia

HTTPs communications

HTTPS over TCP with TLS 1.2

|700x600

  1. Client says to server let's sync
  2. Server replies OK and I acknowledged your previous message
  3. Client says Cool; I acknowledged that you agreed to sync with me.
  4. Client asks Hello server which Encryption key should we use
  5. Server said we will use XYZ algo
  6. Client replies cool, here is my public key + other info
  7. Server replies, here is my public key + other info
  8. Client makes HTTPS call
  9. Server responds

HTTPS over TCP with TLS 1.3

|700

  1. Client says to server let's sync
  2. Server replies OK and I acknowledged your previous message
  3. Client says Cool; I acknowledged that you agreed to sync with me.
  4. Client says as there are a handful of encryption algo there, here is my public key + other info
  5. Server says, wow you are being pretty proactive, here is my public key + other info
  6. Client makes HTTPS call
  7. Server responds

HTTPS over QUIC

|700

HTTPS over TCP fast Open

|700

HTTPS over TCP with TLS 1.3 ORTT

|700

HTTPS over QUIC with ORTT

|700

*Source: https://www.udemy.com/course/fundamentals-of-backend-communications-and-protocols/learn/lecture/34630368#overview

Thoughts 🤔 by Soumendra Kumar Sahoo is licensed under CC BY 4.0