HTTPS

HTTP conversations conducted using TLS are called HTTP Secure (HTTPS). HTTPS requires the client and server to perform a TLS handshake in which both parties agree on an encryption method and exchange encryption keys.

The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

TLS Handshake

🔑 Each TLS certificate consists of a key pair made of a public key and a private key.

🫱🫲 Every time you visit a website, the client server and web browser communicate to ensure there is a secure TLS/SSL encrypted connection.

🎁 When a browser directs to a secured website, the website server shares its TLS/SSL certificate and its public key with the client to establish a secure connection and a unique session key.

✅ The browser confirms that it recognizes and trusts the issuer, or Certificate Authority, of the SSL certificate.

🗝️ The browser sends back a symmetric session key and the server decrypts the symmetric session key using its private key. The server then sends back an acknowledgment encrypted with the session key to start the encrypted session.

🔐 The server and browser now encrypt all transmitted data with the session key. They begin a secure session that protects message privacy, message integrity, and server security.

What is SSL?

SSL was a widely used cryptographic protocol for providing data security for Internet communications.

SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.