What is SSL, TLS, HTTP and HTTPS? How They Work?

What is SSL, TLS, HTTP and HTTPS? How They Work?

Online security refers to the protection of personal and organizational public-facing websites from cyberattacks.

Why should I care about website security?

Cyberattacks against public-facing websites—regardless of size—are common and should result in:
  • Website defacement,
  • Loss of website availability or denial-of-service (DoS) condition,
  • Compromise of sensitive customer or organizational data,
  • An attacker taking control of the affected website,
  • Use of website as a staging point for watering hole attacks.


SSL and TLS are both cryptographic protocols that provide authentication and encoding between servers, machines, and applications operating over a network (e.g. a client connecting to a web server).
In reality, SSL is merely about 25 years old. But in internet years, that’s ancient.
The first iteration of SSL, version 1.0, was first developed in 1995 by Netscape but was never released because it had been riddled with serious security flaws. SSL 2.0 wasn’t an entire lot better, so just a year later SSL 3.0 was released.
Again, it had serious security flaws.

TLS is the new name for SSL.

Namely, SSL protocol need to version 3.0; TLS 1.0 is "SSL 3.1". 
In TLS versions there are TLS 1.1 and 1.2 included.
 Each remake adds a couple of features and modifies some internal details. We sometimes say "SSL/TLS".

Related Article: How To Recover Accidentally Deleted Data From Google(Find My Device) Command

Related Article: How To Earn/Make Money Online Top 5 Incredible Ways?

Related Article: What is a DDoS (Distributed Denial of Service) Attack?

To explain the acronyms:

#1. "SSL" means "Secure Sockets Layer". This was coined by the inventors of the first versions of the protocol, Netscape (the company was later bought by AOL).

#2. "TLS" means "Transport Layer Security". The name was changed to avoid any legal issues with Netscape in order that the protocol might be "open and free" (and published as a RFC).
It also hints at the thought that the protocol works over any bidirectional stream of bytes, not just Internet-based sockets.

Well SSL no longer exists.
Here’s the complete history of SSL and TLS releases:
  • SSL 1.0 – never publicly released due to security issues.
  • SSL 2.0 – released in 1995. Deprecated in 2011. Has known security issues.
  • SSL 3.0 – released in 1996. Deprecated in 2015. Has known security issues.
  • TLS 1.0 – released in 1999 as an upgrade to SSL 3.0. Planned deprecation in 2020.
  • TLS 1.1 – released in 2006. Planned deprecation in 2020.
  • TLS 1.2 – released in 2008.
  • TLS 1.3 – released in 2018.


What is HTTP?

HTTP stands for Hypertext Transfer Protocol. When you enter http:// in your address bar ahead of the domain, it tells the browser to connect over HTTP.
Generally HTTP uses TCP connection (Transmission Control Protocol), over port 80,
to send and receive data packets over the web.
To put it simply it is a protocol that's used by a client and server which allows you to communicate with other websites. 

The client sends a request message to an HTTP server (after the TCP handshake) which hosts a website, the server then replies with the response message. The response message contains completion status information, like HTTP/1.1 200 OK.
The problem with http though is that it's susceptible to people that might want to eavesdrop or see what your activity is all about. 

This too shouldn’t really be a serious problem if all you are doing is watching stupid videos in YouTube or googling your assignment.
Most of our activity on the internet isn’t really that important for people to really care about.
And albeit it's there to ascertain , nobody who knows the way to roll in the hay would actually bother to waste the time or face the possible legal implications of such acts.
The Internet’s answer to this is https or HTTP over SSL is a secured connection that transmits data over the internet in an encrypted form. 

This security method means albeit someone is eavesdropping, the info they get wouldn't be comprehensible or usable because they don’t have the means to decrypt it.
The entire message is decrypted only when it arrives at its designated location.
So why don’t we shift everything to https?

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure (also mentioned as HTTP over TLS or HTTP over SSL).
When you enter https:// in your address bar ahead of the domain,
it tells the browser to connect over HTTPS.
Generally sites running over HTTPS will have a redirect in situ so albeit you type in http:// it'll redirect to deliver over a secured connection. 
HTTPS uses TCP(as I have said earlier)to send and receive data packets, 
but it does so over port 443,
in between a connection encrypted by TLS.

What is the difference between HTTP and HTTPS?

  • HTTP URL in your browser's address bar is http:// and therefore the HTTPS URL is https://.
  • HTTP is unsecured while HTTPS is secured.
  • HTTP sends data over port 80 while HTTPS uses port 443.
  • HTTP operates at application layer which is not secure.
  • But HTTPS operates at transport layer(Secure).
  • No SSL certificates are required for HTTP, with HTTPS it is required that you have an SSL certificate and it is signed by a CA.
  • HTTP doesn't require domain validation, where as HTTPS requires a minimum of domain validation and certain certificates even require legal instrument validation.
  • No encryption in HTTP, with HTTPS the info is encrypted before sending.

Related Article: IPV4 VS IPV6 What's the Difference? Which Is More Secure?

Related Article: What Is a URL? How does it Work?

What is SSL, TLS, HTTP and HTTPS? How They Work? What is SSL, TLS, HTTP and HTTPS? How They Work? Reviewed by Tech Wala Dost on May 11, 2020 Rating: 5

No comments:

Powered by Blogger.