+5 votes
178 views
in Technical issues by (242k points)
reopened
HTTPS: what it means and why it matters

1 Answer

+3 votes
by (1.6m points)
edited
 
Best answer

What is HTTPS?
How does HTTPS work?
Why HTTPS Encryption Is Important
HTTPS purpose
Differences between HTTP and HTTPS

image

HTTPS: what it means and why it matters

Everyone benefits from the incredible variety of web pages on the Internet: we find entertainment, information, inspiration and services in seemingly unlimited quantities. Unfortunately, not all pages are benign: as in the analog world, there are businessmen with double intentions, delinquency and organized crime. In this way, for example, an online banking user can be tricked by a fraudulent web page to obtain access data to their accounts, or someone can install a public Wi-Fi hotspot to spy on the communication between two or more. people..

In the beginning, all internet data traffic was managed openly, in plain text and easy to hack. The HTTP protocol mediates communication between the client (browser) and the unencrypted web server, facilitating criminal activities such as metadata spying or man-in-the-middle attacks.

The HTTPS protocol was developed to make web browsing more secure. We tell you what it is and how it works..

Index
  1. What is HTTPS?
    1. HTTPS purpose
    2. Differences between HTTP and HTTPS
  2. How does HTTPS work?
  3. Why HTTPS Encryption Is Important

What is HTTPS?

HTTPS is the acronym for Hypertext Transfer Protocol Secure (in Spanish, secure hypertext transfer protocol). In a sense, the transfer protocol is the language in which the web client? Usually the browser? and the web server communicate with each other. HTTPS is a version of the transfer protocol that uses strong encryption for communication.

HTTPS purpose

HTTPS serves the following two functions:

Communication between the web client and the web server is encrypted . Through this system, it is prevented that an unauthorized third party has access to the data, for example, by observing the traffic of the Wi-Fi network..

The web server authenticates itself by sending a certificate to the browser right at the beginning of the data transmission, which guarantees the reliability of the domain. This measure helps fight fraud by fake web pages.

Differences between HTTP and HTTPS

How are HTTP and HTTPS different? The answer is simple, technically they do not differ at all. The protocol itself, that is, the syntax, is identical in both variants.

However, HTTPS uses a special transmission protocol , called SSL / TLS. It is not the protocol itself that offers more security, but the type of transfer. To better understand it, consider the following analogy:

  • Two people are talking on the phone.
  • They use a common language to communicate: HTTP.
  • The phone connection through which the call is made is not encrypted in the case of HTTP. With HTTPS, communication is protected from third parties.

The following table summarizes the most important differences from a user perspective:

  HTTP HTTPS
Transmission Unencrypted Encrypted
Certificate No Yes
Port number 80 443
Addressing in URL http: // https: //

All current web browsers warn the user when accessing a web page under the HTTP protocol.

image
This is how the security protocol is identified in the address bar of the different browsers

If you click on the icon on the left of the address bar, you will get more information:

image
Clicking on the icon opens an information box

Depending on the browser and security settings, the software will even refuse to open unsafe web pages or display a warning instead.

How does HTTPS work?

It is not HTTP itself that is responsible for security, but the underlying transfer protocol. What is the difference?

The HTTP protocol only regulates how the content that the browser and the web server exchange with each other should be structured . Instead, the transfer protocol indicates how data flows are transferred between computers. For example, it ensures that no data packets are lost. The standard transfer protocol, which is also used by HTTP, is TCP or Transmission Control Protocol.

There is an extension to this transfer protocol that encrypts data flows: it is called TLS (formerly SSL). All data transmitted using this protocol is encrypted in such a way that only the actual recipient (the browser or the web server) can access the transferred content.

When a URL begins with https: // , the browser automatically adds port number 443. This number tells the receiving computer to communicate via TLS / SSL.

Why HTTPS Encryption Is Important

The ability of hackers to spy on and manipulate web pages is increasing. For this reason, it is important to encrypt data flows, especially in open access networks such as public Wi-Fi hotspots.

HTTPS is the new standard . As we have already mentioned, web pages that do not have the certificate are negatively highlighted or blocked by current browsers. Also, HTTPS is likely to have a positive effect on Google rankings , even though Google has not yet expressly recognized it.

In Europe, the General Data Protection Regulation (GDPR) stipulates that web pages must be kept up-to-date in terms of security, so they should all be on HTTPS.

advice

With this article you can learn how to convert your website to HTTPS.


...