If you’ve ever wondered how data gets transferred securely over the internet, then you’ll want to read this article.
I’ll explain how HTTP, HTTPS, SSL, and TLS work individually, and how they work together to ensure your communication on the internet is secure.
How Does HTTP Work?
HTTP stands for Hypertext Transfer Protocol. This protocol forms the basis of communication on the World Wide Web. It is primarily used to send and receive data over the internet.
HTTP is a request-response protocol that allows you to fetch internet resources via hypertext messages from a server.
HTTP clients usually use TCP (Transmission Control Protocol) connections to communicate with servers.
Let’s explain this using an example.
Suppose you type the URL https://twitter.com/ into your browser and hit Enter.
After DNS resolves the web address, the following 5 steps will take place in order.
1 – A TCP connection is established.
2 – Your browser will send a “request message” to the HTTP server. This message contains:
- A Request line
- A Request header and,
- A Request body
The request line usually contains a method type that defines the type of request.
In this scenario, a “GET” method will be used in the request line.
A GET method requests the web resource.
Other commonly used methods are POST, PUT, and DELETE.
In addition to the method, the request line also contains URI and HTTP version.
Here’s an example of a GET method: GET /utilities/weatherfull/city/Detroit/ HTTP/1.1
Another important part of a request message is the “Header”. The “Header” contains rules such as language, type of file (text, HTML, or image), and host address.
3 – The HTTP server will map the URL to a file under the HTTP server’s document directory.
4 – The server will then send a “response message.” A response message in HTTP usually contains a status code, header, and the actual file that was requested in the request message. The status code indicates whether the request succeeded or failed. For example, a 200-success code means that the request succeeded.
5 – Your browser will now process the HTML it received and repeat the same process for other resources that it needs, such as CSS files, images, JavaScript files, and others.
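The request and response messages from steps 2 and 4, taken apart into the pieces named above (added example, not part of the original article). Apart from the GET request line, the host name, header values and response body are constructed sample data.

```python
# Constructed sample messages; the request line is the article's own GET example.
REQUEST = (
    b"GET /utilities/weatherfull/city/Detroit/ HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Accept-Language: en-US\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 22\r\n"
    b"\r\n"
    b"<h1>Detroit: 71F</h1>\n"
)

def split_message(raw):
    """Split an HTTP/1.1 message into its first line, header dict and body."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line separating headers from body")
    first, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    if "content-length" in headers:  # ignore bytes beyond the declared body
        body = body[: int(headers["content-length"])]
    return first, headers, body

def parse_request(raw):
    """Request line = method, URI and HTTP version, separated by single spaces."""
    first, headers, body = split_message(raw)
    parts = first.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {first!r}")
    return {"method": parts[0], "uri": parts[1], "version": parts[2],
            "headers": headers, "body": body}

def parse_response(raw):
    """Status line = HTTP version, status code and an optional reason phrase."""
    first, headers, body = split_message(raw)
    version, code, *reason = first.split(" ", 2)
    return {"version": version, "status": int(code),
            "reason": " ".join(reason), "headers": headers, "body": body}

if __name__ == "__main__":
    print(parse_request(REQUEST))
    print(parse_response(RESPONSE))
```

Every field here is readable as-is on the wire, which is the gap HTTPS closes in the next section.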
How Does HTTPS Work?
HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS works similarly to HTTP.
The biggest difference between the two protocols is that with HTTP the data being transferred is not encrypted, and therefore the data transfer process is not secure.
With HTTPS, a layer of security is added using TLS (Transport Layer Security) or SSL (Secure Socket Layer). In simple terms, HTTP running over TLS or SSL becomes HTTPS.
We will get into the details of TLS and SSL shortly.
But before that, let’s dive a bit deeper to understand what makes HTTPS special and different from HTTP.
Difference Between HTTP and HTTPS
What makes HTTPS secure and better than HTTP is the fact that HTTPS has a mechanism to ensure that the client or browser is talking to the correct server, and that the server is talking to the correct client.
For example, if you were to give a very secret message to someone over the phone, you’d want to be sure that the person on the other end of the phone is actually the person who’s supposed to hear the message and not an untrusted third party.
HTTPS ensures that the end-to-end communication is secure by using digital certificates.
Digital Certificates
Digital certificates are digital documents that prove the identity of their owner.
A certificate is just like an ID.
Similar to the way your bank asks for your ID before giving you access to your account, the HTTPS protocol authenticates and validates a digital certificate before sending or receiving data over the internet.
In this context, a digital certificate is used to authenticate the ownership of a public key.
What is a public key, you might be asking?
Public and Private Keys
Ok, before we continue let’s understand the concept of public and private keys.
With HTTPS, when user A wants to send a private message to user B, they encrypt or lock this message using the public key of user B.
When the message reaches user B, user B will check the message’s public key and use its corresponding private key to unlock the message.
Two important things to note here:
1 – Private keys are never shared over the internet in HTTPS and,
2 – Every public key has its own private key.
This public/private key mechanism ensures that hackers or untrusted third parties are not able to unlock data being sent or received over the internet.
Let’s look at an example of how HTTPS works, step by step.
1 – Let’s say you want to open Youtube.com. You type the URL and hit Enter.
2 – The YouTube server sends your browser its certificate with a public key.
3 – Your browser verifies the public key it received.
4 – Your browser tells the YouTube server that it has verified the public key it received and has now created a new secret key, otherwise known as a “session key,” and encrypted it with the YouTube server’s public key.
5 – The YouTube server decrypts this new “session key” using its private key.
Now, the server and the client are the only two machines on the internet who are aware of this new session key. All of the communication from now on between the two machines will be encrypted using this new key.
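The key handling in steps 4 and 5, followed by one message encrypted under the shared session key (added example, not part of the original article). The key pair is a toy textbook-RSA pair and the XOR keystream is a stand-in cipher, both constructed for illustration; the certificate check of step 3 is not modelled.

```python
import hashlib
import secrets

# Toy server key pair (constructed): textbook RSA without padding, built from the
# Mersenne primes 2**61-1 and 2**89-1. Far too small and too simple for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, the part a certificate carries
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server

def client_make_session_key():
    """Step 4: create a random session key and lock it with the server's public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return session_key, wrapped

def server_unwrap(wrapped):
    """Step 5: only the holder of the private exponent D recovers the session key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run_exchange(message):
    """Return (keys match, bytes seen on the wire, plaintext recovered by the server)."""
    client_key, wrapped = client_make_session_key()   # only `wrapped` is transmitted
    server_key = server_unwrap(wrapped)
    ciphertext = keystream_xor(client_key, message)   # only `ciphertext` is transmitted
    return client_key == server_key, ciphertext, keystream_xor(server_key, ciphertext)

if __name__ == "__main__":
    same, wire, plain = run_exchange(b"GET /watch HTTP/1.1")  # constructed message
    print(same, wire.hex(), plain)
```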
How Does SSL Work?
SSL stands for Secure Socket Layer. SSL is a protocol that is used to secure data communications between a client or browser, and a server over the web.
Netscape developed the SSL protocols. The latest version of SSL, SSL 3.0, was declared obsolete in 2015 after experts found several vulnerabilities in it.
Since then, TLS has been the most commonly used protocol to ensure security and encryption of data transfer sessions.
How does SSL work?
All the data transfer and encryption steps you saw in the “How Does HTTPS Work?” section were actually SSL in action.
SSL establishes a secure connection by verifying the authenticity of both the client and server. This is done using an “SSL Handshake.”
In an SSL Handshake, the server and client perform the following steps:
1 – Authenticate each other’s identity using digital certificates and public keys
2 – Specify the SSL version they will use
3 – Specify the type of encryption algorithm to use and,
4 – Generate session keys
After the SSL Handshake, the client and server start the data transfer process.
Another important point: SSL ensures data integrity. It ensures that data remains the same throughout its travels over the internet and that nobody changes it, alters it or tampers with it. It does this using a message authentication code, otherwise known as a MAC.
The sender signs data packets with a MAC and the recipient verifies the MAC to ensure the integrity of the data.
How Does TLS Work?
TLS stands for Transport Layer Security. It is essentially a newer version of SSL.
After SSL was retired in 2015, TLS became the standard encryption and data security protocol used to ensure secure data transfer between clients and servers over the internet.
TLS works almost exactly like SSL. TLS has three main jobs:
1 – Encryption of data
2 – Authentication – It ensures that the parties exchanging information are actually who they claim to be and,
3 – Data Integrity – It makes sure that data doesn’t get altered or forged during transmission using MAC – Message Authentication Code.
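The MAC check described here and in the SSL section, as an added example that is not part of the original article: the sender attaches an HMAC-SHA256 tag and the receiver recomputes it before accepting the data. The record layout is simplified, and the random key stands in for a secret both sides share after the handshake.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size   # HMAC-SHA256 produces a 32-byte tag

def mac_tag(mac_key, seq, payload):
    # Covering the sequence number as well as the payload means a record that is
    # replayed or moved to another position no longer matches its tag.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def protect(mac_key, seq, payload):
    """Sender: append the MAC to the payload."""
    return payload + mac_tag(mac_key, seq, payload)

def verify(mac_key, seq, record):
    """Receiver: recompute the MAC and return the payload, or raise on a mismatch."""
    if len(record) < TAG_LEN:
        raise ValueError("record is shorter than a MAC")
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    # compare_digest runs in constant time, so timing does not leak correct bytes.
    if not hmac.compare_digest(tag, mac_tag(mac_key, seq, payload)):
        raise ValueError("MAC check failed: record altered, forged or replayed")
    return payload

def check(mac_key, seq, record):
    try:
        verify(mac_key, seq, record)
        return "accepted"
    except ValueError:
        return "rejected"

def demo():
    key = secrets.token_bytes(32)                     # stand-in for the shared MAC key
    record = protect(key, 0, b"amount=100&to=alice")  # constructed sample payload
    return {
        "intact": check(key, 0, record),
        "tampered": check(key, 0, record.replace(b"amount=100", b"amount=900")),
        "replayed": check(key, 1, record),            # same bytes, wrong position
        "wrong_key": check(secrets.token_bytes(32), 0, record),
    }

if __name__ == "__main__":
    print(demo())
```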
Just like SSL, TLS also uses a “handshake” mechanism to create a secure connection before the actual data transfer process.
And there you have it, that’s the way HTTP, HTTPS, SSL, and TLS work together to ensure that our communication over the Internet is secure and reliable.