HTTPS is the secure version of HTTP, the communication protocol of the World Wide Web. It was invented by Netscape Communications Corporation to provide authentication and encrypted communication and is used in electronic commerce.

Instead of using plain text socket communication, HTTPS encrypts the session data using either a version of the SSL (Secure Socket Layer) protocol or the TLS (Transport Layer Security) protocol, thus ensuring reasonable protection from eavesdroppers, and man in the middle attacks. The default TCP/IP port of HTTPS is 443.

The level of protection depends on the correctness of the implementation by the web browser and the server software and the actual cryptographic algorithms supported.

In web pages that use HTTPS, the URL begins with 'https://' rather than 'http://'.

A common misconception among credit card users on the Web is that HTTPS "fully" protects their transaction when submitting a card purchase, when in reality it only encrypts their card information between their browser and the receiving Web server. At that point, their card information is typically stored in a server database (often not even immediately transmitted to a credit card processor), and it is the server and database that is usually attacked and compromised by unauthorized users.

See also

• Computer security
• Internet protocol suite

External link

• Technical Descriptions of Secured HTTP
• Technical specification of HTTP over TLS (RFC 2818)
• SSL/TLS Strong Encryption: An Introduction from the Apache HTTP Server Version 2.0 Documentation