HyperText Transfer Protocol Secure

HTTPS is a cryptographically enhanced version of HTTP. When we visit an SSL-enabled website with a browser, the web server provides a certificate that contains a public key.

SSL uses both asymmetric-key and symmetric-key encryption. First, the server and client agree on a symmetric session key, which the client encrypts with the server's public key and transmits over the network to the server. Next, the server uses its private key to decrypt the session key.

This manoeuvre lets the client and server work around the inherent weakness of symmetric encryption, the need to get the same secret key to both parties, by using asymmetric encryption to transmit the symmetric key. After the initial key exchange, both parties use the same session key to encrypt and decrypt all further data they send each other. But if the server's private key used to decrypt the session key is ever compromised, the session key can be decrypted, and with it all the data that was encrypted under it.

To overcome this problem and several other major deficiencies, a new standard called Transport Layer Security (TLS) was introduced. Over time, TLS versions introduced more and more cipher suites that support Forward Secrecy.
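
One way to check which cipher suites give forward secrecy, as an added example that is not part of the original note: the Python sketch below classifies suite names by whether the key exchange is ephemeral, audits what an ssl.SSLContext would offer, and builds a client context limited to ephemeral key exchange. The function names and the cipher string "ECDHE+AESGCM:ECDHE+CHACHA20" are choices made for this example.

```python
import ssl

def is_forward_secret(suite: str) -> bool:
    """True if the suite's key exchange is ephemeral (ECDHE or DHE).

    Accepts OpenSSL names (ECDHE-RSA-AES128-GCM-SHA256) and IANA names
    (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).
    """
    if suite.startswith("TLS_") and "_WITH_" not in suite:
        # TLS 1.3 suite names carry no key exchange; a full TLS 1.3
        # handshake always uses ephemeral (EC)DHE.
        return True
    name = suite[4:] if suite.startswith("TLS_") else suite
    key_exchange = name.replace("_", "-").split("-")[0]
    # Static-RSA suites show up as "RSA" (IANA) or with no key-exchange
    # prefix at all (OpenSSL, e.g. AES128-GCM-SHA256).
    return key_exchange in ("ECDHE", "DHE")

def audit(ctx: ssl.SSLContext) -> dict:
    """Split the suites a context would offer by forward secrecy."""
    report = {"forward_secret": [], "no_forward_secrecy": []}
    for cipher in ctx.get_ciphers():
        bucket = ("forward_secret" if is_forward_secret(cipher["name"])
                  else "no_forward_secrecy")
        report[bucket].append(cipher["name"])
    return report

def forward_secret_client_context() -> ssl.SSLContext:
    """Default client context restricted to ephemeral key exchange."""
    ctx = ssl.create_default_context()
    # Cipher string chosen for this example; TLS 1.3 suites are configured
    # separately by OpenSSL and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

if __name__ == "__main__":
    for label, ctx in (("default", ssl.create_default_context()),
                       ("restricted", forward_secret_client_context())):
        result = audit(ctx)
        print(label, "suites without forward secrecy:",
              result["no_forward_secrecy"] or "none")
```
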

