HTTPS

From Pulsed Media Wiki
Revision as of 12:22, 21 April 2025 by Gallogeta

HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP protocol used for secure communication over computer networks, particularly the World Wide Web. It ensures the confidentiality, integrity, and authenticity of data exchanged between a user's browser and a website.

HTTPS encrypts the data using the Transport Layer Security (TLS) protocol (formerly SSL), preventing eavesdropping, tampering, and man-in-the-middle attacks.

How HTTPS Works

When a user visits an HTTPS-enabled website:

1. The browser requests a secure connection (via port 443).
2. The website responds with its digital certificate, issued by a trusted Certificate Authority (CA).
3. The browser verifies the certificate and performs a handshake using TLS.
4. A secure, encrypted session is established using symmetric encryption.
5. All data exchanged during the session is encrypted and protected.

Key Components

  • TLS/SSL – Cryptographic protocols that provide the encryption and security layer.
  • Digital certificate – A credential issued by a Certificate Authority (CA) verifying the website's identity.
  • Public and private keys – Used in the handshake to establish encryption parameters.

Advantages

  • Encryption – Data is unreadable to third parties.
  • Authentication – Verifies the identity of the website to the user.
  • Data integrity – Ensures data is not altered during transmission.
  • Trust – Modern browsers mark HTTPS sites as "secure" and give warnings for non-HTTPS connections.

HTTPS vs HTTP

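| Feature          | HTTP             | HTTPS                                 |
|------------------|------------------|---------------------------------------|
| Port             | 80               | 443                                   |
| Encryption       | No               | Yes (via TLS)                         |
| Authentication   | No               | Yes (via certificates)                |
| Integrity checks | No               | Yes                                   |
| Use cases        | Insecure content | Login pages, payments, sensitive data |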

Adoption and Usage

  • HTTPS is the standard for secure websites and is widely used for e-commerce, banking, email services, and any platform handling sensitive user data.
  • Major web browsers (e.g., Chrome, Firefox, Edge) mark HTTP sites as “Not Secure.”
  • Many sites now use Let's Encrypt, a free and automated certificate authority, to enable HTTPS.

Common HTTPS Errors

  • Certificate expired – The website’s certificate is no longer valid.
  • Untrusted certificate authority – The certificate was not issued by a recognized CA.
  • Mixed content – HTTPS site is loading resources over HTTP.
  • Domain mismatch – The certificate does not match the site’s domain.

Tools and Commands

To check a site's HTTPS certificate:

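<syntaxhighlight lang="bash">
# Show the certificate chain and handshake details; -servername sets SNI, </dev/null ends the session after the handshake
openssl s_client -connect example.com:443 -servername example.com </dev/null
</syntaxhighlight>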
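The certificate errors listed under Common HTTPS Errors can also be told apart programmatically. The following is an added example, not part of the original wiki page: a Python sketch that performs a fully verified TLS handshake and maps OpenSSL's verification codes onto the page's error names. The function names and the grouping of codes are assumptions made for illustration; "not yet valid" is an extra category, and mixed content is a page-level issue that a handshake cannot detect.

```python
import socket
import ssl
import time

# OpenSSL X509_V_ERR_* verify codes, grouped under this page's error names
# (the grouping is this example's choice, not an official mapping).
CATEGORIES = {
    9: "Certificate not yet valid",
    10: "Certificate expired",
    18: "Untrusted certificate authority",  # self-signed leaf certificate
    19: "Untrusted certificate authority",  # self-signed certificate in chain
    20: "Untrusted certificate authority",  # issuer not in local trust store
    21: "Untrusted certificate authority",  # leaf signature cannot be verified
    62: "Domain mismatch",                  # hostname not covered by certificate
    64: "Domain mismatch",                  # IP address not covered by certificate
}

def classify(verify_code):
    """Map an OpenSSL verify code to one of the error categories above."""
    return CATEGORIES.get(verify_code, f"Other verification failure ({verify_code})")

def days_left(not_after, now=None):
    """Whole days until a getpeercert()-style 'notAfter' timestamp."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def diagnose(host, port=443, timeout=5.0):
    """Handshake with full verification and describe the outcome."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return f"OK ({tls.version()}), expires in {days_left(cert['notAfter'])} days"
    except ssl.SSLCertVerificationError as err:
        return f"{classify(err.verify_code)}: {err.verify_message}"
    except (ssl.SSLError, OSError) as err:
        return f"Connection or TLS failure: {err}"

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # e.g. python check_https.py example.com
        print(name, "->", diagnose(name))
```

Unlike the `openssl s_client` command, which prints the chain even when verification fails, this check fails closed: any certificate problem is reported as an error instead of a completed connection.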
