
Secure Sockets Layer and HTTPS

HTTP is not a secure protocol. Any nosy person who can plug into a network can see and read the HTTP packets moving between a Web server and a Web client. Less-than-nice people can easily create a fake Web site that passes for a legitimate one and steal visitors' user names and passwords. For an Internet application to be secure, it must have authentication (user names and passwords), encryption (stirring up the data so others can't read it), and nonrepudiation (verifying that you are who you really are on both sides of the conversation). "Securing TCP/IP" is dedicated to these concepts, but we can't mention HTTP without at least touching on its secure counterpart, HTTPS. The Web has blossomed into a major economic player, requiring serious security for those who wish to do online transactions (e-commerce). In the early days of e-commerce, people feared that a simple credit card transaction on a less-than-secure Web site could transform their dreams of easy online buying into a nightmare of being robbed blind and ending up living in a refrigerator box.

It was never as bad as all that. And nowadays, there are a number of safeguards on the Internet that can protect your purchases and your anonymity. One such safeguard is called Secure Sockets Layer (SSL).

SSL is a protocol developed by Netscape for transmitting private documents over the Internet. SSL works by using a public key to encrypt sensitive data. This encrypted data is sent over an SSL connection, and then decrypted at the receiving end using a private key. All the popular Web browsers and Web servers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. One way to tell if a site is using SSL is by looking at the Web page address. By convention, Web pages that use an SSL connection start with https instead of http. HTTPS stands for Hypertext Transfer Protocol over SSL. HTTPS uses TCP port 443. You can also look for a small lock icon in the lower-right corner.

The last few years have seen SSL replaced with the more powerful Transport Layer Security (TLS). Your secure Web page still looks the same as with SSL, so only the folks setting this up really care. Just make sure you know that SSL and TLS are functionally the same with Web pages.

TIP: HTTP enables you to access the Web, but HTTPS gets you there securely. HTTPS uses either SSL or TLS to provide the security.
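The following Python sketch is an added example, not part of the original text. It shows the two client-side checks described above: reading the scheme and port from a Web page address, and building a TLS client that verifies the server and refuses the old SSL versions. The `shop.example` addresses are constructed and the function names are illustrative.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # HTTPS uses TCP port 443


def classify(url):
    """Return (scheme, host, port, encrypted) for a Web page address."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not a Web address: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port, scheme == "https"


def cleartext_urls(urls):
    """Addresses whose traffic anyone on the network path could read."""
    return [u for u in urls if not classify(u)[3]]


def strict_client_context():
    """TLS client settings: verify the server, refuse SSL and early TLS."""
    ctx = ssl.create_default_context()            # trusted CAs, CERT_REQUIRED
    ctx.check_hostname = True                     # certificate must match the site name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3, TLS 1.0 or 1.1
    return ctx


def negotiated_version(host, port=443, timeout=5.0):
    """Connect to a live server and return e.g. 'TLSv1.3' (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


# Constructed sample addresses (shop.example is a placeholder host).
SAMPLE = [
    "http://shop.example/login",
    "https://shop.example/checkout",
    "https://shop.example:8443/admin",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(url, "->", classify(url))
    print("sent in cleartext:", cleartext_urls(SAMPLE))
```

With this context, a fake site that cannot present a trusted certificate for the requested name causes the handshake to fail instead of silently connecting.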
