HTTPS is a variant of http for handling secure transactions. A secure http request is made using an URL of the type “https://…” instead of the “http://…” request used for ordinary http. The default “https” port number is 443, as assigned by the Internet Assigned Numbers Authority.
In a secure http transaction, data sent to and received from an https server are protected using Secure Socket Layer (SSL) or Transaction Layer Security (TLS). Thus https is a two-step process in which security mechanisms and the necessary session keys are agreed initially. These session keys establish a secure tunnel during which the actual messages can be subsequently transmitted. The secure http server must have a certified public key (see certificate and public key cryptography), which is used when exchanging the session keys (e.g., the client generates and encrypts a common secret under the public key of the server). Only a server having the private key corresponding to the public key in the certificate...
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Pedersen, T. (2005). HTTPS, Secure HTTPS. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_189
Download citation
DOI: https://doi.org/10.1007/0-387-23483-7_189
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering