Difference from HTTP HTTPS
URLs begin with "https://" and use
port 443 by default, whereas
HTTP URLs begin with "http://" and use port 80 by default. HTTP is not encrypted and thus is vulnerable to
man-in-the-middle and
eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject
malware or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of HTTPS implementations that use deprecated versions of SSL).
Network layers HTTP operates at the highest layer of the
TCP/IP model—the
application layer; as does the
TLS security protocol (operating as a lower sublayer of the same layer), which encrypts an HTTP message prior to transmission and decrypts a message upon arrival. Strictly speaking, HTTPS is not a separate protocol, but refers to the use of ordinary
HTTP over an
encrypted SSL/TLS connection. HTTPS encrypts all message contents, including the HTTP headers and the request/response data. With the exception of the possible
CCA cryptographic attack described in the
limitations section below, an attacker should at most be able to discover that a connection is taking place between two parties, along with their domain names and IP addresses.
Server setup To prepare a web server to accept HTTPS connections, the administrator must create a
public key certificate for the web server. This certificate must be signed by a trusted
certificate authority for the web browser to accept it without warning. The authority certifies that the certificate holder is the operator of the web server that presents it. Web browsers are generally distributed with a list of
signing certificates of major certificate authorities so that they can verify certificates signed by them.
Acquiring certificates A number of commercial
certificate authorities exist, offering paid-for SSL/TLS certificates of a number of types, including
Extended Validation Certificates.
Let's Encrypt, launched in April 2016, provides free and automated service that delivers basic SSL/TLS certificates to websites. According to the
Electronic Frontier Foundation, Let's Encrypt will make switching from HTTP to HTTPS "as easy as issuing one command, or clicking one button." The majority of web hosts and cloud providers now leverage Let's Encrypt, providing free certificates to their customers.
Use as access control The system can also be used for client
authentication in order to limit access to a web server to authorized users. To do this, the site administrator typically creates a certificate for each user, which the user loads into their browser. Normally, the certificate contains the name and e-mail address of the authorized user and is automatically checked by the server on each connection to verify the user's identity, potentially without even requiring a password.
In case of compromised secret (private) key An important property in this context is
perfect forward secrecy (PFS). Possessing one of the long-term asymmetric secret keys used to establish an HTTPS session should not make it easier to derive the short-term session key to then decrypt the conversation, even at a later time.
Diffie–Hellman key exchange (DHE) and
Elliptic-curve Diffie–Hellman key exchange (ECDHE) are in 2013 the only schemes known to have that property. In 2013, only 30% of Firefox, Opera, and Chromium Browser sessions used it, and nearly 0% of Apple's
Safari and
Microsoft Internet Explorer sessions. , 99.6% of web servers surveyed support some form of forward secrecy, and 75.2% will use forward secrecy with most browsers.
Certificate revocation A certificate may be revoked before it expires, for example because the secrecy of the private key has been compromised. Newer versions of popular browsers such as
Firefox,
Opera, and
Internet Explorer on
Windows Vista implement the
Online Certificate Status Protocol (OCSP) to verify that this is not the case. The browser sends the certificate's serial number to the certificate authority or its delegate via OCSP (Online Certificate Status Protocol) and the authority responds, telling the browser whether the certificate is still valid or not. The CA may also issue a
CRL to tell people that these certificates are revoked. CRLs are no longer required by the CA/Browser forum, nevertheless, they are still widely used by the CAs. Most revocation statuses on the Internet disappear soon after the expiration of the certificates.
Limitations SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption can be configured in two modes:
simple and
mutual. In simple mode, authentication is only performed by the server. The mutual version requires the user to install a personal
client certificate in the web browser for user authentication. In either case, the level of protection depends on the correctness of the
implementation of the software and the
cryptographic algorithms in use. SSL/TLS does not prevent the indexing of the site by a
web crawler, and in some cases the
URI of the encrypted resource can be inferred by knowing only the intercepted request/response size. This allows an attacker to have access to the
plaintext (the publicly available static content), and the
encrypted text (the encrypted version of the static content), permitting a
cryptographic attack. Because
TLS operates at a protocol level below that of HTTP and has no knowledge of the higher-level protocols, TLS servers can only strictly present one certificate for a particular address and port combination. In the past, this meant that it was not feasible to use
name-based virtual hosting with HTTPS. A solution called
Server Name Indication (SNI) exists, which sends the hostname to the server before encrypting the connection, although older browsers do not support this extension. Support for SNI is available since
Firefox 2,
Opera 8,
Apple Safari 2.1,
Google Chrome 6, and
Internet Explorer 7 on
Windows Vista. A sophisticated type of
man-in-the-middle attack called SSL stripping was presented at the 2009
Blackhat Conference. This type of attack defeats the security provided by HTTPS by changing the link into an link, taking advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in clear with the client. This prompted the development of a countermeasure in HTTP called
HTTP Strict Transport Security. HTTPS has been shown to be vulnerable to a range of
traffic analysis attacks. Traffic analysis attacks are a type of
side-channel attack that relies on variations in the timing and size of traffic in order to infer properties about the encrypted traffic itself. Traffic analysis is possible because SSL/TLS encryption changes the contents of traffic, but has minimal impact on the size and timing of traffic. In May 2010, a research paper by researchers from
Microsoft Research and
Indiana University discovered that detailed sensitive user data can be inferred from side channels such as packet sizes. The researchers found that, despite HTTPS protection in several high-profile, top-of-the-line web applications in healthcare, taxation, investment, and web search, an eavesdropper could infer the illnesses/medications/surgeries of the user, his/her family income, and investment secrets. The fact that most modern websites, including Google, Yahoo!, and Amazon, use HTTPS causes problems for many users trying to access public Wi-Fi hot spots, because a
captive portal Wi-Fi hot spot login page fails to load if the user tries to open an HTTPS resource. Several websites, such as NoSSL.sh, guarantee that they will always remain accessible by HTTP. ==History==