What is HTTP, HTTPS, SSL & TLS ?

What is HTTP, HTTPS, SSL & TLS ?

Hello everyone, In this article, we're going to talk about HTTP, Secure HTTP and SSL & TLS. 

HTTP:

HTTP stands for Hypertext Transfer Protocol. 
This is probably the most widely used protocol in the world today. 
HTTP is the protocol that is used for viewing web pages on the Internet. 
When you type in a web address like google.com, you'll notice that HTTP is automatically added at the beginning of the Web address. 
This indicates that you are now using HTTP to retrieve this Web page.
In standard HTTP, all the information is sent in clear text. 
All the information that is exchanged between your computer and that web server, which includes any text that you type on that web site that information is transferred over the public Internet. 
Because it's transferred in clear text, it's vulnerable to anybody who wants it, such as hackers. 
Now normally, this would not be a big deal if you were just browsing regular web sites and no sensitive data such as passwords or credit card information are being used.
But if you were to type in personal sensitive data like your name, address, phone number, passwords or credit card information, that sensitive data goes from your computer and then it has to travel across the public internet to get to that web server.
This makes your data vulnerable because a hacker that's somewhere on the internet can listen and then as that data is being transferred and steal your information. 
So that your personal information and other important information can be steal by hackers and so this is a problem as far as security.
And this is why HTTPs was developed.

HTTPS: 

HTTPs stands for Secure Hypertext Transfer Protocol. 
This is HTTP with a security feature. 
Secure HTTP encrypts the data that is being retrieved by HTTP. 
It ensures that all the data that's being transferred over the internet between computers and servers is secure by making the data impossible to read. 
It does by using encryption algorithms to scramble the data that's being transferred.
For example, if you were to go to a web site that requires you to enter personal information such as passwords or credit card numbers, you will notice that an 'S' will be added to the HTTP in the Web address. 
This 'S' in the case that you are now using secure HTTP and have entered a secure web site where sensitive data is going to be passed and that data is going to be protected. 
In addition to the as being added, a lot of web browsers will also show a padlock symbol in the address bar to indicate that secure HTTP is being used.
So by using secure HTTP, all the data which includes anything that you type, is no longer sent in clear text, it's scrambled in an unreadable form as it travels across the Internet. 
So if a hacker were to try and steal your information, he would get a bunch of meaningless data because the data is encrypted and a hacker would not be able to crack the encryption to unscramble the data but there many hackers are powerful and can crack the encryption also.
Now, secure HTTP protects the data by using one of two protocols.
one protocol is SSL & second protocol is TLS.

SSL: 

SSL or Secure Sockets Layer is a protocol that's used to ensure security on the Internet.
It uses public key encryption to secure a data. 
how SSL works ? Let's see an example, 
When a computer connects to a web site that's using SSL. 
The computer's web browser will ask the web site to identify itself. 
Then the web server will send the computer a copy of its SSL certificate. 
SSL certificate is a small digital certificate that is used to authenticate the identity of a web site. 
Basically, it's used to let your computer know that the website you're visiting is trustworthy.
So then the computer's browser will check to make sure that it trust the certificate. 
And if it does, it will send a message to the web server. 
Then after the web server will respond back with an acknowledgement. 
So when SSL session can proceed, then after all these steps are complete, encrypted data can now be exchanged between your computer and the web server. 

TLS:

The other protocol that secure HTTP can use is called TLS. 
TLS or Transport Layer Security is the latest industry standard cryptographic protocol.
It is the successor to SSL and it's based on the same specifications. 
Like SSL, it also authenticates a server client and encrypts the data. 

It's also important to point out that a lot of web sites are now using secure HTTP by default on their web sites regardless if sensitive data is going to be exchanged or not. 
And a lot of this has to do with google because google is now flagging web sites as not secure if they are not protected with SSL.
If a web site is not SSL protected, google will penalize that web site in their search rankings. 
So that's why now if you go to any major web site, you'll notice that secure HTTP is being used rather than standard HTTP.