View Categories

Understanding how HTTPS works

1 min read

HTTPS uses an encryption protocol to encrypt communications from client to server.  The encryption protocol use to be called SSL (Secure Socket Layer) but since then the encryption protocol has involved to the more secure method called TLS (Transport Layer Security).  TLS secures communications by using what’s known as an asymmetric public key infrastructure which uses two different keys to encrypt the communications between client and server.

  1. Private Key: this key is controlled by the owner of the server (website) and its kept private.  The key lives on a server and is used to decrypt information encrypted by the public key.
  2. Public Key: this key is available to everyone who wants to interact with the server in a secure manner.  Information that’s encrypted by the public key can only be decrypted by the private key.

HTTPS helps prevent websites from having their information broadcasted in a way that’s easily viewed by anyone on the network since HTTP transmits everything in plain text which is easy to view using any sniffer making the server and information being shared, vulnerable to on-path attacks.

How does it work?

When a user connects to the server (website) the server will send over its TLS certificate which contains the public key necessary to start the secure session.

Next the client and server go through a process called an SSL/TLS handshake which is a series of back and forth communications used to establish a secure connection.

Protected By
Shield Security