How the HTTPS protocol connection works

Idevised in the 90s, the HTTPS protocol protects our surfing thanks to the combination of encryption and certification of web portals

If every day we can access the web to read news,

If every day we can access the web to read news, chat with our friends, post photos on social networks and consult e-mail, it's thanks to a technology and a series of protocols conceived between the end of the '80s and the beginning of the '90s in the CERN laboratories of Geneva by Tim Berners Lee.

Among these, one of the most important was (and is) the HTTP protocol (acronym of HyperText Transfer Protocol, "protocol for the transmission of hypertext documents"), "responsible" for the transfer of web pages from the server that hosts them to the browser used by users. A fundamental component of the web infrastructure, which after about 30 years continues to do its job very well. The only weak point is security: the transmission of data (including passwords and banking information), in fact, takes place in a "clear" way and any hacker or hacker could intercept the communication and steal those data. For this reason, in 1994, HTTPS (acronym for HyperText Transfer Protocol Secure) was created.

What is HTTPS

The differences between HTTP and HTTPS are not many, indeed. As the name of the two protocols suggests, the only real difference lies in the greater security of data and personal information that the latter provides compared to the former. It is, in fact, the same web communication protocol in which the TLS protocol has been implemented, which guarantees the encryption of information and the "identity" of the web portal that is being visited.

How HTTPS works

To guarantee greater security to Internet users, the HTTPS protocol exploits two different tools of Transport Layer Security. On the one hand, using TLS certificates issued by third party verifiers (and comparable to identification documents), it certifies the real "identity" of the portal and allows the user to avoid becoming a victim of a phishing attack. On the other hand, by exploiting advanced cryptography protocols, it encrypts the communication between the server and the end user, preventing hackers from stealing the information sent and received (which, as mentioned, can range from e-mail credentials to bank account or credit card data).