Folklore tells a story about a man whose life resided in his parrot. Any harm to the parrot meant harm to his owner. Simply put, the Hypertext Transfer Protocol (HTTP) is the parrot that holds internet’s soul. It is the life of the interwebs as we know it. However, it is surprising that many people are unaware of the details of HTTP and its secure variant HTTPS.
What is HTTP?
Protocols guide and guard all messages that can be sent and received on the internet. Hypertext Transfer Protocol is the protocol your browser and other web servers use to communicate. HTTP protocol allows smooth sharing of files and documents around the web. There are two roles in HTTP: server and client. The client initiates a conversation to which the server responds.
Because HTTP is text-based, this conversation happens in bit of text but can also use media. HTTP messages consist of a header and a body. The header has metadata with essential information and other HTTP methods. The body may or may not remain empty in a conversation, so the header sets the foundation of a message.
What is HTTPS
HTTPS or HTTP Secure is the secure version of HTTP. It is an application specific implementation HTTP is widely used around the world to enable encrypted communication through secure channel on a web server. In HTTPS, mostly the data is encrypted with SSL and TLS. The process allows the network to transition from HTTP into HTTPS.
The only difference between HTTP and HTTPS is that the data encryption of the latter uses special protocols. HTTPS appears in the URL when the site you are visiting is protected by an SSL certificate. Click on the lock symbol beside the URL to read the details of the certificate, issuing authority and website owner’s name.
SSL stands for Secure Sockets Layer; it was a protocol used by Netscape. SSL is the technological standard for keeping data secure on the internet. The Netscape browser used SSL way back when it was launched in 1995. By internet standards, SSL can be classified in the old and respected community of internet features. Netscape was the only browser using SSL until 1999 when Microsoft jumped in and asked for similar standards. The Internet Engineering Task Force (IETF) took hold of SSL to make it a norm and make it accessible for use.
- SSL prevents criminals to steal or read data between a client and a server
- It prevents the modification of information sent across the web
- When data is encrypted, it is impossible to read whether it is between client to server or server to server
After taking charge of SSL, the IETF renamed SSL to TLS, Transport Layer Security. TLS kept evolving and being implemented on web browsers and the most recent version was launched in 2018. If you check, your browser might be supporting TLS 1.3. If your browser doesn’t support it, do not worry because TLS 1.2 is the recommended and running version on most browsers today. TLS is the improved version of SSL but not referred as TLS because SSL is commonly used.
How HTTPS Works
A certificate authority (CA) has three main functions as a neutral third-party:
- Issue HTTPS certificates
- Confirm the identity of the owner
- Providing a valid proof of certification
Only trusted entities can be accepted for this task as being a CA requires intense security audits. While bigger browsers like Apple, Mozzila and Windows have their own root stores with trusted CAs, other entities need to access a CA and buy a certificate. The certificate verifies your domain name and nothing else. Every browser will check your certificate and match if it is sent by a verified entity. If a certificate is fishy, the browser will warn you that ‘Your connection is not secure’. In case of HTTPs, you’ll also see a padlock present on the browser. There are also tools that can tell you whether or not a website is using an HTTPS connection.