http (hypertext transfer protocol)

• transfer hypertext data
• port: 80

https (hypertext transfer protocol over secure sockets layer)

• Secure called webpage and data
• But slower the transferring speed
• Port: 443

SSL (Secure Sockets Layer)

• Encryption: Hiding what is sent from one computer to another
  • Computers agree on how to encrypt
  • Server sends a certificate
  • Client’s computer says “start encrypting”
    • in here there are 3 messages
      • Client key exchange: Both computers calculate a master secret code
      • Change cipher spec: client’s computer is asking server to encrypt
      • Finished: let’s start now
    • The server says “start encrypting”
      • in here there are 2 messages
        • change cipher spec: I’m going to send encrypted message now
        • finished: let’s go
      • This message gets encrypted
    • All messages are now encrypted
      • It will look as a garbage to other

• Identification: Making sure the computer you are speaking to is the one you trust
  • 1. Company asks CA(Certificate Authority) for a certificate
    • The company asks CA for a certificate
      • The web server
      • What the company is
      • Where it is located
    • Certificate Authority checks correctness and authenticity of company
  • 2. CA creates certificate and signs it
  • 3. Certificate installed in server
    • The company will run a web server
    • The certificate is installed into this server
    • The web server is configured to use the certificate
  • 4. Browser issued with root certificates
    • You can check installed certificate authorities on your computer.
    • On my computer(mac), I can check with Keychain Access application
  • 5. Browser trusts correctly signed certs
    • Client’s computer has public key of the certificate authority
    • When it receives a certificate, it will verify a encrypted signature of the certificate with the public key.