What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP that encrypts all communication between a web browser and server using TLS (Transport Layer Security). It protects the integrity and confidentiality of data and authenticates the server's identity.
Quick Facts
| Field | Value |
|---|---|
| Full Name | Hypertext Transfer Protocol Secure |
| Created | 1994 by Netscape |
| Specification | Official Specification |
How HTTPS Works
HTTPS was developed by Netscape in 1994 for its Navigator browser. It wraps HTTP inside TLS encryption, preventing eavesdropping, tampering, and man-in-the-middle attacks. HTTPS uses digital certificates issued by Certificate Authorities (CAs) to verify server identity. Modern browsers mark HTTP sites as 'Not Secure' and require HTTPS for features like geolocation, service workers, and HTTP/2. Let's Encrypt has made free TLS certificates widely available, accelerating HTTPS adoption. HTTPS typically uses port 443 instead of HTTP's port 80.
Key Characteristics
- Encrypts all data in transit using TLS
- Authenticates server identity via certificates
- Protects against eavesdropping and tampering
- Uses port 443 by default
- Required for modern web features
- Visual indicator (padlock) in browsers
Common Use Cases
- Secure website communication
- Online banking and e-commerce
- Login and authentication pages
- API security
- Any site handling sensitive data
Example
HTTPS URL:
https://www.example.com/secure-page
TLS Handshake Process:
1. Client Hello (supported cipher suites)
2. Server Hello (chosen cipher, certificate)
3. Client verifies certificate
4. Key exchange (establish session key)
5. Encrypted communication begins
Certificate Information:
Issuer: Let's Encrypt Authority X3
Subject: www.example.com
Valid From: 2024-01-01
Valid To: 2024-04-01
Public Key: RSA 2048 bits
HTTPS Headers:
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: upgrade-insecure-requests
Redirect HTTP to HTTPS:
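server {
    # Plain-HTTP listener: serves no content, only redirects
    listen 80;
    # Permanent redirect to the same host and URI over HTTPS
    return 301 https://$host$request_uri;
}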
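The redirect and the Strict-Transport-Security header shown above can be checked mechanically. The following Python is an added example, not part of the original page: the function names `parse_response`, `parse_hsts` and `audit` and the 180-day `min_age` threshold are assumptions made for illustration, and the sample responses are constructed.

```python
from urllib.parse import urlsplit

def parse_response(raw):
    """Split a raw HTTP response into (status_code, {lowercased-header: value})."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def parse_hsts(value):
    """Extract max-age (seconds) and includeSubDomains from an HSTS header value."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().lower().partition("=")
        if name == "max-age" and arg.strip('"').isdigit():
            policy["max_age"] = int(arg.strip('"'))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def audit(host, path, http_raw, https_raw, min_age=15552000):
    """Return findings (empty = OK). min_age (180 days) is an assumed threshold."""
    findings = []
    status, headers = parse_response(http_raw)
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 308):
        findings.append(f"port 80 answers {status}, not a permanent redirect")
    if target.scheme != "https" or target.hostname != host or target.path != path:
        findings.append("redirect does not point at the same host and path over https")
    if "strict-transport-security" in headers:
        findings.append("HSTS sent over plain HTTP is ignored by browsers")
    _, headers = parse_response(https_raw)
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if policy["max_age"] is None:
        findings.append("HTTPS response has no valid HSTS max-age")
    elif policy["max_age"] < min_age:
        findings.append(f"HSTS max-age {policy['max_age']} is below {min_age}")
    return findings

# Constructed sample responses matching the nginx block and headers above.
HTTP_OK = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/secure-page\r\n\r\n"
HTTPS_OK = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n"
HTTPS_WEAK = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n"

if __name__ == "__main__":
    print(audit("www.example.com", "/secure-page", HTTP_OK, HTTPS_WEAK))
```

Browsers only honor Strict-Transport-Security when it arrives over HTTPS, which is why the audit reads the header from the HTTPS response and flags it on the port 80 response.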