Why HTTPS Matters: Understanding HTTP, SSL/TLS, and Encryption Basics

Protocol security and encryption are gaining increasing attention; this article shares essential knowledge about protocol encryption, focusing on the background needed to understand HTTPS.

Basic terminology: meanings of HTTPS, SSL, and TLS.

Relationship between HTTP and TCP, especially short‑connection vs long‑connection.

Concepts of encryption algorithms, particularly the difference between symmetric and asymmetric encryption.

Purpose of CA certificates.

1. Clarifying Terms – HTTPS, SSL, TLS

1.1 What is HTTP?

HTTP is a network protocol used to transfer web content. When you visit a website, the browser accesses a URL such as http://www.xxx.com/ . Most websites use HTTP to deliver pages, images, CSS, and JavaScript.

1.2 What are SSL and TLS?

SSL (Secure Sockets Layer) was designed by Netscape in the mid‑1990s to protect the plaintext HTTP traffic from eavesdropping and tampering. In 1999 the IETF standardized SSL as TLS (Transport Layer Security). SSL/TLS are essentially the same protocol at different stages.

1.3 What is HTTPS?

HTTPS is simply HTTP combined with SSL/TLS – often described as “HTTP over SSL” or “HTTP over TLS”.

2. Characteristics of the HTTP Protocol

2.1 HTTP Versions and History

Current mainstream version is HTTP/1.1 (drafted in 1995, published in 1999). Earlier versions 0.9 and 1.0 existed, with 0.9 rarely used. HTTP/2.0 was being standardized in 2015.

2.2 Relationship Between HTTP and TCP

TCP is the transport‑layer foundation for HTTP. Many application‑layer protocols (FTP, SMTP, POP, IMAP) also rely on TCP.

2.3 How HTTP Uses TCP Connections

HTTP can use short connections (one TCP connection per request) or persistent connections (Keep‑Alive). In short‑connection mode each resource (HTML, images, CSS, JS) triggers a new TCP handshake, while persistent connections reuse a single TCP socket for multiple resources, improving efficiency. HTTP/1.1 defaults to Keep‑Alive.

3. Symmetric vs Asymmetric Encryption

3.1 What are Encryption and Decryption?

Encryption transforms plaintext into ciphertext; decryption restores ciphertext to plaintext, both using a key.

3.2 Symmetric Encryption

Encryption and decryption use the same key, similar to a password‑protected archive.

3.3 Asymmetric Encryption

Encryption and decryption use different keys (public and private), a revolutionary concept in cryptography.

3.4 Advantages and Disadvantages

Asymmetric encryption offers more functionality but is computationally heavier, influencing SSL design.

4. Requirements of the HTTPS Protocol

HTTPS was designed to meet several key requirements:

4.1 Compatibility

HTTPS must remain compatible with existing HTTP applications and cause minimal changes for browsers and servers. It essentially wraps HTTP inside SSL/TLS, like adding a metal pipe around a plastic water pipe.

4.2 Extensibility

SSL/TLS can be paired with many application‑layer protocols (FTP, SMTP, POP, Telnet) to secure them.

4.3 Confidentiality

HTTPS must protect data from eavesdropping and replay attacks.

4.4 Integrity

HTTPS must ensure that transmitted content is not altered, preventing tampering such as ISP‑injected advertisements.

4.5 Authenticity

HTTPS must verify that the server is truly the intended one, mitigating DNS spoofing and hijacking.

4.6 Performance

HTTPS must not degrade performance excessively. Designers consider algorithm selection (symmetric vs asymmetric) and how to handle HTTP’s short‑connection behavior.