Hypertext Transfer Protocol - No Data Encryption
The Hypertext Transfer Protocol (HTTP) is an application-level protocol
for distributed, collaborative, hypermedia information systems.
HTTP operates on Transmission Control Protocol (TCP) port 80 by default, meaning your computer must send and receive data through this port to use HTTP.
All communications sent over regular Hypertext Transfer Protocol connections are in 'plain text' and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the 'communication' is on an order form and includes your credit card details or social security number.
Hyper Text Transfer Protocol Secure - Encrypted Connections
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP.
All communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
The chief distinction is that HTTPS uses TCP port 443 by default, so HTTP and HTTPS are two separate communications.
Hyper Text Transfer Protocol Secure differentiates one sender and receiver from another. Secure Sockets Layer (SSL) takes the data, going or coming, and encrypts it.
HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). HTTPS creates a secure channel over an insecure network.
Both the TLS and SSL protocols use what is known as an 'asymmetric' Public Key Infrastructure (PKI) system. An asymmetric system uses two 'keys' to encrypt communications, a 'public' key and a 'private' key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.
'Public' and 'Private' keys of an HTTPS connection
As the names suggest, the 'private' key should be kept strictly protected and should only be accessible to the owner of the private key. In the case of a website, the private key remains securely ensconced on the web server.
Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.
Process of HTTPS connection
SSL certificate
When you request an HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session.
SSL handshake
Based on this initial exchange, your browser and the website then initiate the 'SSL handshake'. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.
When a trusted SSL Digital Certificate is used during an HTTPS connection, users will see a padlock icon in the browser address bar. When an Extended Validation Certificate is installed on a website, the address bar will turn green.
With an HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able to decrypt any of the data which passes between you and the website.
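As an added illustration (not part of the original article), the Python sketch below shows what someone observing the connection can read from one captured payload: the form fields of a plain HTTP order form, versus only the record header of a TLS-protected one. The function name, the host shop.example and both sample payloads are constructed for this example.

```python
import os
import struct
from urllib.parse import parse_qs

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")
TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}

def classify_payload(data: bytes) -> dict:
    """Report what an observer on the network path can read from one TCP payload."""
    if data.startswith(HTTP_METHODS):
        head, _, body = data.partition(b"\r\n\r\n")
        parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
        if len(parts) == 3 and parts[2].startswith("HTTP/"):
            # Plain HTTP: request line, headers and form body are all readable.
            fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
            return {"protocol": "http", "method": parts[0], "path": parts[1],
                    "readable_fields": fields}
    if len(data) >= 5:
        # TLS record header: content type (1 byte), version (2), length (2).
        ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
        if ctype in TLS_RECORD_TYPES and major == 3:
            # For application_data records the body is ciphertext, so no
            # form fields can be recovered; only this header is readable.
            return {"protocol": "tls", "record_type": TLS_RECORD_TYPES[ctype],
                    "record_length": length, "readable_fields": {}}
    return {"protocol": "unknown", "readable_fields": {}}

# Constructed sample: an order form posted over plain HTTP (port 80).
# 4111111111111111 is a widely used test card number, not a real account.
HTTP_SAMPLE = (b"POST /order HTTP/1.1\r\n"
               b"Host: shop.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 40\r\n\r\n"
               b"card=4111111111111111&name=Test+Customer")

# Constructed sample: one TLS application_data record as seen on port 443.
# Random bytes stand in for the encrypted form submission.
TLS_SAMPLE = bytes([23, 3, 3]) + struct.pack("!H", 40) + os.urandom(40)

if __name__ == "__main__":
    for name, payload in (("HTTP", HTTP_SAMPLE), ("TLS", TLS_SAMPLE)):
        print(name, classify_payload(payload))
```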