How does HTTP really work?


HTTPS is a combination of HTTP and SSL (Secure Sockets Layer) that provides encrypted communication between the client (browser) and the web server (where the application is hosted).

Why is it needed?

HTTPS encrypts the data that is transmitted from the browser to the server over the network, so no one can sniff the data during transmission.

How is an HTTPS connection established between the browser and the web server?

  1. Browser tries to connect to the
  2. server sends a certificate to the browser. This certificate includes server’s public key, and some evidence that this public key actually belongs to
  3. Browser verifies the certificate to confirm that it has the proper public key for
  4. Browser chooses a random new symmetric key K to use for its connection to server. It encrypts K under public key.
  5. decrypts K using its private key. Now both browser and the cloudnloud server know K, but no one else does.
  6. Anytime browser wants to send something to, it encrypts it under K; the server decrypts it upon receipt. Anytime the server wants to send something to your browser, it encrypts it under K.
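
Steps 2 to 6 can be replayed offline with the `openssl` command line. This is an added example, not code from the original page; the host name `demo.example`, the file names, the sample request and the choice of RSA-OAEP and AES-256-CTR are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): steps 2-6 replayed with openssl.
# demo.example, the file names and the message are constructed for illustration.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# Step 2 setup: server key pair and certificate. The certificate is self-signed
# here, so it doubles as the "CA" the browser trusts; a real one is CA-issued.
server_setup() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
    -addext "subjectAltName=DNS:demo.example" \
    -keyout "$work/server.key" -out "$work/server.crt" 2>/dev/null
}

# Step 3: the browser checks the signature chain AND that the certificate names
# the host it meant to reach. Returns non-zero on a name mismatch.
browser_verify() {
  openssl verify -CAfile "$work/server.crt" -verify_hostname "$1" \
    "$work/server.crt" >/dev/null 2>&1
}

# Step 4: the browser picks a random 256-bit K and encrypts it under the public
# key taken from the certificate (RSA-OAEP padding).
browser_send_key() {
  openssl rand -hex 32 > "$work/K.browser"
  openssl pkeyutl -encrypt -certin -inkey "$work/server.crt" \
    -pkeyopt rsa_padding_mode:oaep -in "$work/K.browser" -out "$work/K.enc"
}

# Step 5: only the holder of the private key can recover K.
server_recv_key() {
  openssl pkeyutl -decrypt -inkey "$work/server.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$work/K.enc" -out "$work/K.server"
}

# Step 6: either side encrypts or decrypts traffic under K. $1 = enc|dec,
# $2 = key file, $3 = hex IV, data on stdin. AES-CTR alone gives no integrity;
# real HTTPS also authenticates every record.
traffic() {
  local mode=; [ "$1" = dec ] && mode=-d
  openssl enc $mode -aes-256-ctr -a -A -K "$(cat "$2")" -iv "$3"
}

server_setup && browser_verify demo.example
browser_send_key && server_recv_key
iv=$(openssl rand -hex 16)
ct=$(printf 'GET /account' | traffic enc "$work/K.browser" "$iv")
printf '%s' "$ct" | traffic dec "$work/K.server" "$iv"; echo
```

Calling `browser_verify` with any other host name fails, which is the check that stops a valid certificate for one site from being accepted for another.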

This flow can be represented by the following diagram:



