Understanding HTTPS: Protocol Basics, Encryption Concepts, and Design Requirements
This article explains the fundamentals of HTTPS by clarifying HTTP, SSL/TLS, and encryption types, describing HTTP's relationship with TCP and connection models, and outlining HTTPS's compatibility, extensibility, confidentiality, integrity, authenticity, and performance considerations.
1. Clarify Terms – HTTPS, SSL, TLS
HTTPS combines HTTP with SSL/TLS to provide encrypted communication. SSL (Secure Sockets Layer) was created by Netscape in the 1990s to protect HTTP traffic and was later standardized as TLS (Transport Layer Security).
What is HTTP?
HTTP is an application‑layer protocol used to transfer web content such as HTML, images, CSS, and JavaScript.
What are SSL/TLS?
SSL/TLS adds a security layer over TCP, preventing eavesdropping and tampering. TLS is the modern name for SSL after IETF standardization.
What is HTTPS?
HTTPS is essentially “HTTP over SSL/TLS”, providing confidentiality, integrity, and authenticity.
2. HTTP Protocol Characteristics
HTTP/1.1 (released 1999) introduced persistent connections (Keep‑Alive) to avoid the overhead of short connections used in HTTP/1.0.
HTTP and TCP Relationship
TCP is the transport‑layer protocol that HTTP relies on for reliable data delivery.
Short vs. Persistent Connections
Short connections open a new TCP socket for each resource, while persistent connections reuse a single socket for multiple resources, improving performance.
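The difference can be measured directly. The following is an added example, not code from the original article: it starts a local HTTP/1.1 server that counts accepted TCP connections and fetches the same resources in both modes. The names `CountingServer`, `count_tcp_connections` and `SAMPLE_PATHS` are hypothetical, and the paths are constructed sample input.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SAMPLE_PATHS = ["/index.html", "/style.css", "/app.js", "/logo.png"]  # constructed

class CountingServer(ThreadingHTTPServer):
    daemon_threads = True
    tcp_connections = 0

    def get_request(self):
        # Called once per accepted TCP connection, not once per HTTP request.
        conn = super().get_request()
        self.tcp_connections += 1
        return conn

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # lets the server keep the socket open

    def do_GET(self):
        body = b"resource " + self.path.encode()
        self.send_response(200)
        # Content-Length tells the client where the body ends, so the
        # socket can carry the next request instead of being closed.
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def count_tcp_connections(paths, persistent):
    """Fetch every path and return how many TCP connections the server saw."""
    server = CountingServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    headers = {} if persistent else {"Connection": "close"}
    try:
        conn = http.client.HTTPConnection(host, port)  # connects lazily
        for path in paths:
            if not persistent:  # short connection: new socket per resource
                conn = http.client.HTTPConnection(host, port)
            conn.request("GET", path, headers=headers)
            conn.getresponse().read()
            if not persistent:
                conn.close()
        conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return server.tcp_connections
```

Under HTTPS every one of those TCP connections would also have to complete a TLS handshake before any HTTP data flows, which is why connection reuse matters even more once encryption is added.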
3. Symmetric vs. Asymmetric Encryption
Symmetric encryption uses the same key for encryption and decryption; asymmetric encryption uses a public‑private key pair, offering more functionality but higher computational cost.
4. HTTPS Design Requirements
HTTPS must be compatible with existing HTTP, extensible to other application protocols, provide confidentiality against sniffing and replay attacks, ensure integrity and authenticity (prevent tampering and spoofing), and maintain acceptable performance by selecting appropriate cryptographic algorithms and supporting persistent connections.
Architects' Tech Alliance
