What is https, and how does it works?

Question:

2010-09-16 16:08:20 UTC

I just noticed in my google chrome browser URLs it is written https instead of http? is it some kind of virus or spyware or something, I have no idea about these things.

Six answers:

2010-09-17 08:31:22 UTC

http is a comman protcol for veiwing file not downloading uploading etc. for that ftp is there. certain pages like mail IDs or accounts on social networking sites are accesed by https protocol as it is used to access secure pages..

2010-09-17 09:05:05 UTC

HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL.

HTTPS encrypts and decrypts the page requests and page information between the client browser and the web server using a secure Socket Layer (SSL). HTTPS by default uses port 443 as opposed to the standard HTTP port of 80. URL's beginning with HTTPS indicate that the connection between client and browser is encrypted using SSL.

SSL transactions are negotiated by means of a keybased encryption algorithm between the client and the server, this key is usually either 40 or 128 bits in strength (the higher the number of bits the more secure the transaction).

HTTPS should not be confused with S-HTTP, a security-enhanced version of HTTP. SSL and S-HTTP have very different designs and goals so it is possible to use the two protocols together. Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.

Both protocols have been submitted to the Internet Engineering Task Force (IETF) for approval as a standard.

Wonder Girl

2010-09-16 17:12:17 UTC

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. HTTPS should not be confused with Secure HTTP (S-HTTP).

The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

The trust inherent in HTTPS is based on major certificate authorities which come pre-installed in browser software (this is equivalent to saying "I trust certificate authority (e.g. VeriSign/Microsoft/etc.) to tell me whom I should trust").

When connecting to a site with an invalid certificate, older browsers would present the user with a dialog box asking if they wanted to continue. Newer browsers display a warning across the entire window. Newer browsers also prominently display the site's security information in the address bar.

Difference from HTTP

As opposed to HTTP URLs which begin with "http://" and use port 80 by default, HTTPS URLs begin with "https://" and use port 443 by default.

HTTP is unsecured and is subject to man-in-the-middle and eavesdropping attacks which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks (with the exception of older deprecated versions of SSL).

2010-09-16 18:13:56 UTC

http is a hypertext transfer protocol which is common url but the https hypertext transfer protocol secure which is secured i.e it is secured url wer the unknowns cant hijack

2010-09-16 16:09:33 UTC

No, it's just the site uses a different method of security.

HTTP

HTTPS

They both serve the same purpose, it basically just means connect to a different port, WIKIPEDIA it for more information! :)

GOP Behind the Scenes

2010-09-16 16:09:34 UTC

The extra "s" just means secure.

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese