HTTPS uses the Transport Layer Security (TLS)/SSL protocol to encrypt connections between the client and the server. It uses asymmetric encryption, which relies on a private key and a public key to secure the communication.
The private key is kept on the server and is not shared with or visible to unauthorized users. It is used to decrypt communication that was encrypted using the public key. The public key is distributed and available to anyone who connects to the server. Information encrypted with the public key can be decrypted only with the private key, and vice versa. The public key is also attached to the SSL/TLS certificate so that anyone can confirm the authenticity of the public key and of the server they are connecting to.
Why is HTTPS so vital?
If HTTPS were absent, a malicious user could view the messages being exchanged, which can contain credentials, bank information, or other sensitive data, leading to privacy issues or fraud. This data can be easily sniffed on free public Wi-Fi or even on home networks, where a sniffer can collect bank information and other sensitive information.
Apart from being vulnerable to man-in-the-middle (MITM) attacks, HTTP also allows intermediaries, such as ISPs, to inject content without any approval. These injections can take the form of ads or spam, which can harm the user experience. HTTPS eliminates the ability to inject content or any other information into the website and protects against attacks such as MITM.
HTTP vs HTTPS: How is HTTPS different from HTTP?
HTTP and HTTPS are not inherently built differently. Both protocols are used to display webpages. The only big difference is the encryption used in HTTPS, which is done via TLS/SSL encryption over HTTP. HTTPS also uses certificates to ensure the authenticity of the server and to confirm the ownership of the public key that will be used to encrypt the communication.
When the client connects to the server, an SSL certificate is exchanged, containing the public key and other parameters needed for the communication. The client and the server go through an SSL handshake to establish secure communication.
HTTPS, or Hypertext Transfer Protocol Secure, is the secure version of HTTP, which is the primary protocol browsers use to connect to web servers and display web pages to users. HTTPS uses asymmetric encryption to secure the data in transit between the web server and the client.
HTTPS is preferable wherever privacy matters. These can be situations where we are making online transactions, logging into our bank, or performing other tasks that involve sensitive documents.
Websites that offer a login or that contain sensitive information should use HTTPS instead of HTTP. Modern browsers such as Chrome and Firefox do not even let users enter a website without HTTPS enabled. If a user tries to open such a website, the browser might flag it or warn the user, or it might not let the user open the website at all.
Compiled by: Azizul maqsud