- Hypertext Transfer Protocol or HTTP: This is the standard application protocol layer that all web traffic operates over. Other transports do exist, but this is the standard known and used by the vast majority of anything that is on the public internet. For the discussion in this article, I’ll be using this as the basic transport assumption throughout the article.
- HTTP Secure or HTTPS: Hypertext Transport Protocol Secure is standard HTTP layered on/under(?) TLS or SSL based protocols for security.
- Secure Sockets Layer or SSL: A cryptographic protocol designed to provide communication securely on the internet. They use X.509 certificates to prove asymmetric cryptography to authenticate the counterparty with whom they are communicating and exchange a symmetric key. The session key is then used to encrypt data that travels between the parties over HTTP. This, in theory, provides message confidentiality, authentication codes and respectively message authentication. A key feature concept is forward secrecy, which insures the short-term session key cannot be derived form the long-term asymmetric secret key. This is used in web browsing, API services, email, internet faxes, instant messaging and voice over IP (VoIP).
- Transport Layer Security or TLS: TLS is the successor of SSL and provides a more modern level of security that SSL v2 or v3. SSL v2 is generally even turned off in every major browser and considered to be insecure under most circumstances. As a cryptographic protocol TLS is designed similarly to SSL to stop man-in-the-middle, tapping and related attacks.
3 thoughts on “What is HTTP vs. HTTPS vs. SSL/TLS?”
You must log in to post a comment.
HTTP/2 will be in the news next year, perhaps include it to head off doubts. If the doco is targeted at giving users confidence, describe the good choices made on their behalf. If security is key to wining adoption include schematics to show best choices made to keep user data secure. http://crypto.stanford.edu/cs142/lectures/24-https.pdf
Good to note. I just kind of rambled these together from memory and wanted to make sure I had the rudimentary basics down. Thanks for the comment, I’ll make note of HTTP/2.
Latest deconstructed schematic looks audacious for turning certainty of demand into supply (local public companies are struggling with this).