This section provides a quick introduction to HTTPS (Hypertext Transfer Protocol Secure) - A combination of HTTP (Hypertext Transfer Protocol) and SSL (Secure Socket Layer) or TLS (Transport Layer Security).
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is HTTP over SSL or TLS.
HTTP (Hypertext Transfer Protocol) is an application layer protocol used to transfer HTTP requests and HTTP responses
for Web based applications. SSL (Secure Socket Layer) or TLS (Transport Layer Security) is a communication layer protocol
used to encrypt application data prior to transmission and decrypting it upon arrival to ensure that no one else can
read the original application data.
All financial Web sites are using HTTPS now, to protect your financial information being transmitted between your computer
and the financial institute server. Since your financial information will be transmitted through many gateway computers,
So you don't have to worry about someone else is looking at your information on a gateway computer, like your Internet
service provider's server. All they can see is encrypted data, not the original data.
There are several technical notes about HTTPS:
The default port number is 443 for HTTPS. Port 80 is still reserved for HTTP.
"https://" must be used as Web address prefix to invoke the HTTPS protocol in Web browsers.
A single Web site may run both HTTP and HTTPS servers: HTTP to serve non-secured contents and
HTTPS to serve secured contents.
Web browsers will give warnings when switching a secured page to a non-secured page.
The HTTPS server must have a public key signed by a certificate authority.
Web browsers will give errors when a HTTPS server provides a certificate that can not be validated against any
certificate authorities.
Web browsers do allow you to review public key certificates received from HTTPS servers.
A simple HTTPS server program will be provided in this chapter to confirm some notes mentioned above.
