Skip to content

The S in HTTPS#

Finally lets briefly talk about the S in HTTPS. It stands for secure and what it means is you're actually using two protocols: HTTP and TLS. We know what HTTP is but we haven't looked at TLS - or Transport Layer Security - yet. We'll cover this in "Basic Security."

In simple terms it means when we're making a connection to remote HTTP (web) server we establish a TCP connection. TCP is a transport layer protocol, because it's responsible for the transport of the HTTP protocol. The problem with plain old TCP is the data is sent over the public Internet as plain text. That means someone between your computer and the remote web server can read the information going between you. That's not ideal for a lot of reasons we'll eventually get into.

To prevent this, we use TLS. In short, TLS establishes a secure TCP connection between client and server. Everything sent is encrypted and cannot be read by someone between you and the remote server. It means we can safely transmit sensitive information to each other over the public Internet. Information like banking requests, private messages, and more.