HTTP VS HTTPS Protocols

Table of Contents

  1. HTTP vs HTTPS: Understanding Secure Communication

  2. The Role of SSL/TLS in Protecting Data Online

HTTP VS HTTPS

Hypertext Transfer Protocol (HTTP) is a protocol, or set of communication rules, for client-server communication. When you visit a website, your browser sends an HTTP request to the web server, which responds with an HTTP response. The web server and your browser exchange data as plaintext. In short, the HTTP protocol is the underlying technology that powers network communications. As the name suggests, Hypertext Transfer Protocol Secure (HTTPS) is a more secure version, or an extension, of HTTP. In HTTPS, the browser and server establish a secure, encrypted connection before transferring data.

How does the HTTP protocol work?

HTTP is an application layer protocol in the Open Systems Interconnection (OSI) network communication model. It defines several types of requests and responses. For example, when you want to view some data from a website, you send an HTTP GET request. If you want to send some information, like filling out a contact form, you send an HTTP POST request.

Similarly, the server sends different types of HTTP responses in the form of number codes and data. Here are some examples:

  • 200 - OK

  • 400 - Bad request

  • 404 - Resource not found

This request-response communication is usually invisible to your users. It’s the communication method that the browser and web servers use, so the World Wide Web works consistently for everyone.
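
The request and response formats described above, as an added example (not code from the original article): a minimal parser and handler that turns raw HTTP/1.1 request bytes into a 200, 400 or 404 response. The paths, the required `email` field and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

REASONS = {200: "OK", 400: "Bad Request", 404: "Not Found"}
PAGES = {"/": b"<h1>Home</h1>"}   # hypothetical site content
FORM_PATH = "/contact"            # hypothetical contact-form endpoint

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line ending the header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body

def respond(status: int, body: bytes = b"") -> bytes:
    head = f"HTTP/1.1 {status} {REASONS[status]}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body

def handle(raw: bytes) -> bytes:
    """Answer one request with 200, 400 or 404, the codes listed above."""
    try:
        method, path, headers, body = parse_request(raw)
        if method == "GET" and path in PAGES:
            return respond(200, PAGES[path])
        if method == "POST" and path == FORM_PATH:
            if int(headers.get("content-length", "-1")) != len(body):
                raise ValueError("body length does not match Content-Length")
            form = parse_qs(body.decode("utf-8"), strict_parsing=True)
            if "email" not in form:
                raise ValueError("required field missing")
            return respond(200, b"received")
        return respond(404)
    except ValueError:
        return respond(400)   # anything the server cannot parse or validate

# Constructed sample requests (not captured traffic).
FORM_BODY = b"name=Ada&email=ada%40example.com"
GET_HOME = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
POST_FORM = (b"POST /contact HTTP/1.1\r\nHost: example.com\r\n"
             b"Content-Length: %d\r\n\r\n" % len(FORM_BODY)) + FORM_BODY
```

Every byte of `POST_FORM`, including the submitted e-mail address, is readable as-is by anything on the network path.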

How does the HTTPS protocol work?

HTTP transmits unencrypted data, which means that information sent from a browser can be intercepted and read by third parties. This wasn’t an ideal process, so it was extended into HTTPS to add another layer of security to communication. HTTPS combines HTTP requests and responses with SSL and TLS technology.

HTTPS websites must obtain an SSL/TLS certificate from an independent certificate authority. These websites share the certificate with the browser before exchanging data to establish trust. The SSL certificate also contains cryptographic information, so the server and web browsers can exchange encrypted or scrambled data. The process works like this:

  1. You visit an HTTPS website by typing its https:// URL into the browser.

  2. The browser attempts to verify the site’s authenticity by requesting the server’s SSL certificate.

  3. The server sends the SSL certificate that contains a public key as a reply.

  4. The website’s SSL certificate proves the server identity. Once the browser is satisfied, it uses the public key to encrypt and send a message that contains a secret session key.

  5. The web server uses its private key to decrypt the message and retrieve the session key. It then encrypts the session key and sends an acknowledgement message to the browser.

  6. Now, both browser and web server switch to using the same session key to exchange messages safely.

Role of SSL/TLS in Protecting Data Online

SSL (Secure Sockets Layer) encryption, and its more modern and secure replacement, TLS (Transport Layer Security) encryption, protect data sent over the internet or a computer network. This prevents attackers (and ISPs) from viewing or tampering with data exchanged between two nodes, typically a user’s web browser and a web server.

How Does It Work?

SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data in transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.

A website must have an SSL/TLS certificate for its web server/domain name to use SSL/TLS encryption. Once installed, the certificate enables the client and server to securely negotiate the level of encryption in the following steps:

  1. The client contacts the server using a secure URL (HTTPS…).

  2. The server sends the client its certificate and public key.

  3. The client verifies this with a Trusted Root Certification Authority to ensure the certificate is legitimate.

  4. The client and server negotiate the strongest type of encryption that each can support.

  5. The client encrypts a session (secret) key with the server’s public key, and sends it back to the server.

  6. The server decrypts the client communication with its private key, and the session is established.

  7. The session key (symmetric encryption) is now used to encrypt and decrypt data transmitted between the client and server.

Both the client and server are now using HTTPS (SSL/TLS + HTTP) for their communication. Web browsers validate this with a lock icon in the browser address bar. HTTPS functions over Port 443.

Once you leave the website, those keys are discarded. On your next visit, a new handshake is negotiated, and a new set of keys is generated.

Signing Off!!

Finishing off with the article here. I really hope I made the article worth your while and you learned a great deal from it.

More than happy to address any improvements and suggestions. Please feel free to drop a comment.
