tags:

views:

605

answers:

6

What is SSL and how does it relate to HTTPS?

+4  A: 

HTTPS is just HTTP over SSL. Or Hypertext Transfer Protocol over Secure Socket Layer.

SSL is an encrypted channel for communication. HTTP is the way to transfer web pages and other web content across the network.

Lance Fisher
A: 

SSL is a protocol for secure tunneling or encrypting network connections at the application level.

HTTPS is just HTTP used over SSL.

CMS
A: 

SSL and HTTPS are used for encrypted, secure network communications. There are plenty of resources on the web that explain the protocols. Here is a link to one resource: http://www.ourshop.com/resources/ssl.html

JeremiahClark
URL text is correct, but the clickable link is wrong.
jeffm
+17  A: 

SSL is the secure socket layer, a cryptographic protocol to encrypt network traffic. The most recent version of SSL is version 3, which fixed some known issues in SSLv2. HTTPS is HTTP over SSL... or HTTP over TLS.

TLS (Transport Layer Security) is the successor to SSLv3 and is largely replacing SSLv3 as the default HTTPS protocol in web browsers and servers.

As a side note, HTTPS usually listens on port 443, rather than port 80.

R. Bemrose
+1  A: 

HTTPS = HTTP over SSL

SSL is a layer over TCP that allows for secure, encrypted exchange of data.

HTTP normally runs over TCP and is therefore not encrypted. HTTPS is where the HTTP protocol is run over SSL rather than directly over TCP and therefore the data exchanged is encrypted.

Sarah
+1  A: 

HTTPS: (RFC 2818) is for providing secure communication. It is an application layer protocol on TCP/IP stack (similar to HTTP).

SSL: It is a layer in TCP/IP Stack between Application layer and Transport layer. It mentions client-server authentication (it is done through a handshake and certificate based authenticvation) adhering to PKCS (public key crypto standards); communication of messages over the secure channel once it was established (certain agreed crypto standards are used to enforce proper encryption/decryption at sending and receiving side). In summary, no application data are sent unless an authenticated, encrypted channel is established.

Relation b/w SSL and HTTPS: HTTPS is secure HTTP communication based on SSL protocol (HTTP over SSL, as they say). Generally all sensitive info (like passwords, financial details, etc.) are sent over this transport. Common example: your gmail login is done through HTTPS channel.

Miscellaneous: Almost all standard browsers support https. You can see the certificates they possess by default. SSLV2, SSLV3 and TLS are the supported standards (as far as I recollect).

FL4SOF