Hello everyone. In this article we’re going to talk about one aspect of website security and try to explain the differences between HTTP, HTTP Secure(aka HTTPS), SSL, TLS and SSL certificates.

Now, HTTP stands for hypertext transfer protocol, this is probably the most widely used protocol on the web in the world. HTTP is the protocol that is used for viewing webpages on the internet. When you type in a web address in your browser, like google.com, you’ll notice that HTTP is automatically added at the beginning of the web address, and this indicates that you are now using HTTP to retrieve the web page. 

Now in standard HTTP, all the information is sent in cleartext, and all the information that is exchanged between your computer, and that web server(aka the website you’re visiting), which includes any text that you entered on that website, is transferred over the Internet, and because it’s transferred in clear text, it’s vulnerable to anybody who wants it, such as hackers using a Man-in-the-Middle Attack(MITM). 

Normally this would not be a big deal if you were just browsing regular websites, and no sensitive data such as banking passwords or credit card information are being used. However, if you were to enter personally identifiable data like your name, address, phone number, passwords, or credit card information, that sensitive data goes from your computer and has to travel across the Internet to get to a web server. 

And this makes your data vulnerable because a hacker on the internet can intercept that data while it’s being transferred from your computer to the web server hosting the particular web page your visiting, and essentially steal your information and possibly use it for nefarious purposes. 

This is a problem, as far as online security is concerned. And this is why HTTPS was developed. HTTPS stands for secure hypertext transfer protocol, and this is HTTP with a security feature, secure HTTP encrypts the data being retrieved by HTTP. 

It ensures that all the data that’s being transferred over the internet, between computers and servers are secure, by making the data impossible to read, and it does this by using encryption algorithms to scramble the data that’s being transferred. 

So for example, if you were to go to a website that requires you to enter personal information, such as passwords or credit card numbers, you will notice that an S will be added to the HTTP, in the web address, and this “s” indicates that you are now using secure HTTP, and have entered a secure website and that your data is going to be protected. 

And a lot of web browsers will also show a padlock symbol in the address bar to indicate that secure HTTP is being used. So by using secure HTTP all the data, which includes anything that you type is no longer sent in cleartext. It’s scrambled in an unreadable form as it travels across the internet. So if a wood-be hacker were to try and steal your information, he would get a bunch of meaningless data, and the hacker would not be able to crack the encryption to unscramble the data.

Now secure HTTP protects data by using one of two protocols, SSL (Secure Sockets Layer) and TLS (Transport Layer Security) which both use cryptographic protocols that encrypt data. For simplicity’s sake, TLS is just a new version of SSL which fixed some of the vulnerabilities in SSL.

When a computer connects to a website that’s using SSL/TLS the computer’s browser will ask the website to identify itself. The webserver will send the computer a copy of its SSL certificate, an SSL certificate is a small digital certificate(digital fingerprint) that is used to authenticate the identity of a website. 

It’s used to let your computer know that the website you’re visiting is trustworthy and legit. So then the computer’s browser will check to make sure that it trusts the certificate, and if it does, it will send a message to the webserver which will respond with an acknowledgment. After all these steps are completed encrypted data can now be exchanged between your computer and the webserver of the website you’re visiting.

And the other protocol that secure HTTP uses is called TLS. TLS(Transport Layer Security) is the latest industry-standard cryptographic protocol. It is the successor to SSL, and it’s based on the same specifications and like SSL it also authenticates the server-client and encrypts the data. A little side note, in industry, it’s still referred to as an SSL certificate but technically it’s running on TLS technology. It’s a bit confusing but that’s the lingo.

It’s also important to point out that a lot of websites are now using secure HTTP by default on their websites, regardless if sensitive data is going to be exchanged on it or not. 

And a lot of this has to do with Google because they are flagging websites that are not secure. If they are not protected with SSL and if a website is not SSL protected, Google will penalize that website in their search rankings. So that’s why if you go to any major website, you’ll notice that secure HTTP(https://) is being used, rather than standard HTTP. Lucky for you all our websites come packaged with an SSL certificate.