Wednesday, February 13, 2008

WHAT IS HTTPS?



A. HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer, or HTTP over SSL. HTTPS encrypts and decrypts the page requests and page information between the client browser and the web server using the Secure Sockets Layer (SSL). HTTPS by default uses port 443, as opposed to the standard HTTP port of 80. URLs beginning with HTTPS indicate that the connection between the client browser and the web server is encrypted using SSL.


SSL transactions are negotiated by means of a key-based encryption algorithm between the client and the server. This key is usually either 40 or 128 bits in strength (the higher the number of bits, the more secure the transaction).


HTTPS should not be confused with S-HTTP, a security-enhanced version of HTTP. SSL and S-HTTP have very different designs and goals so it is possible to use the two protocols together. Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.
Both protocols have been submitted to the Internet Engineering Task Force (IETF) for approval as a standard.



What is Secure Sockets Layer (SSL)?



A. Originally developed by Netscape, SSL - short for Secure Sockets Layer - has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. SSL works by using a public key to encrypt data that's transferred over the SSL connection.
The Transmission Control Protocol/Internet Protocol (TCP/IP) controls and is responsible for the routing and transmission of data all over the Internet. The SSL protocol runs in a "layer" above TCP/IP and below higher-level protocols such as HTTP or IMAP. SSL allows an SSL-enabled server to authenticate itself to an SSL-enabled client, and vice versa, enabling both machines to establish an encrypted connection.



SSL makes use of a public key infrastructure (PKI) to operate. The server operating securely generally obtains an SSL key and certificate pair from an issuing authority. It then makes these available on the server itself and announces the availability within the protocol exchanges between the server and client.
An SSL exchange is initiated with an SSL handshake where the client and the server exchange information with each other regarding the encryption information indicated by the SSL certificate.




Once this handshake is completed both the client and the server know exactly how to encrypt the information in a way that the other end will understand and be able to decrypt.
From that point on, anyone listening to (or snooping on) the data transfer between the client and the server will only see this encrypted information. They would then have to spend a long time decrypting it before they could make any sense out of it.
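
The key strength agreed in the handshake can be checked from code. The Python below is an added example, not part of the original post: it flags cipher suites whose strength falls under 128 bits and reports what a live handshake negotiated. The function names, the 128-bit floor constant and the sample suite list are constructed for illustration.

```python
import socket
import ssl

FLOOR_BITS = 128  # the stronger of the two tiers named above; 40-bit suites fall below it

# Constructed sample, shaped like the dicts SSLContext.get_ciphers() returns.
# alg_bits is the cipher's nominal key size, strength_bits the effective secret.
SAMPLE_OFFER = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "alg_bits": 128, "strength_bits": 40},
    {"name": "RC4-MD5", "protocol": "SSLv3", "alg_bits": 128, "strength_bits": 128},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "alg_bits": 256, "strength_bits": 256},
]


def weak_suites(offer, floor=FLOOR_BITS):
    """Names of suites whose effective key strength is below `floor` bits."""
    return sorted(c["name"] for c in offer if c["strength_bits"] < floor)


def local_offer():
    """Suites this machine's default client context proposes in a handshake."""
    return ssl.create_default_context().get_ciphers()


def negotiated(host, port=443, timeout=5.0):
    """Handshake with `host` (certificate and hostname verified) and report
    what both ends agreed on. Needs network access; not called on import."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as tcp:
        # SSL/TLS is layered on top of the already established TCP connection.
        with ctx.wrap_socket(tcp, server_hostname=host) as tls:
            suite, _, secret_bits = tls.cipher()
            return {"protocol": tls.version(), "suite": suite,
                    "secret_bits": secret_bits,
                    "meets_floor": secret_bits >= FLOOR_BITS}


if __name__ == "__main__":
    print("weak in sample:", weak_suites(SAMPLE_OFFER))
    print("weak in local default offer:", weak_suites(local_offer()))
```

The check covers key strength only; a suite that passes the bit floor still has to be judged on its algorithm and protocol version.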



The greater the number of bits used when generating a certificate, the stronger the encryption, with 1024-bit keys now being commonplace. It can take weeks of work using fast computers to successfully decrypt such a key. SSL encryption is available on web pages served from a secure server. Further, messaging servers (such as GMS) can also support SSL over POP3, IMAP4, SMTP as well as HTTP. Because this provides a complete secure route for messages, users of GMS can be confident that they can read, write and respond to email without anyone snooping on them.


SSL has more recently become known as Transport Layer Security, or TLS for short.