3. Contents
Who developed the HTTP protocol?
What are the basic components of the first version of the HTTP protocol?
What was the first version of the HTTP protocol called?
Dr.Ramchandra Mangrulkar Lecture #21: HTTPS , SSL & TLS September 17, 2020 3 / 15
4. HTTP and HTTPS
HTTP: HyperText Transfer Protocol.
The web browser is the client.
The browser sends a request message to the HTTP server for the requested objects.
HTTPS is the secured version of HTTP.
When that exchange of data is encrypted with SSL/TLS, it is called HTTPS.
HTTP opens a connection between the client and server through TCP.
7. Secure Socket Layer (SSL)
HTTPS establishes an encrypted link between the browser and
the web server using the Secure Socket Layer (SSL) or Transport
Layer Security (TLS) protocols.
The link can be browser to server, server to server or client to server.
SSL establishes an encrypted link using an SSL certificate, which
is also known as a digital certificate.
8. SSL Working
The attacker presents a page with a desirable and seemingly
innocuous program for the user to download, for example, a
browser toolbar or a photo organizer utility.
The attack also defeats users’ access controls that would normally
block software downloads and installations, because the user
intentionally accepts this software.
9. SSL Working
SSL fundamentally works with
Asymmetric and Symmetric
Cryptography Protocols.
The SSL handshake uses
asymmetric cryptography,
which allows the browser to
verify the web server, get the
public key and establish a
secure connection.
Both the client and the server
have a valid session key which
they will use to encrypt or
decrypt actual data.
10. SSL Handshake Steps
Step 1: The client sends a "client hello" message containing:
-the client’s SSL version number
-cipher settings
-session-specific data
-other information the server needs
Step 2: The server responds with:
-the server’s SSL version number
-cipher settings
-session-specific data
-an SSL certificate with a public key
-other information that the client needs to communicate
Step 3: The client verifies the server’s SSL certificate with the CA (Certificate Authority) and authenticates the server. If authentication fails, the client throws an exception. If authentication succeeds, it proceeds to step 4.
Step 4: The client creates a session key, encrypts it with the server’s public key and sends it to the server. If the server has requested client authentication, the client also sends its own certificate to the server.
Step 5: The server decrypts the session key with its private key and sends the acknowledgement to the client encrypted with the session key.
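Added example, not part of the original slides: a minimal Python parser for the "client hello" of step 1, run on a constructed record, that also lists the offered cipher suites using RSA key transport, which is the scheme step 4 describes. The helper names (`build_client_hello`, `parse_client_hello`, `rsa_key_transport_offers`) and the sample values are assumptions made for illustration.

```python
import struct

# A few registered code points (IANA TLS parameters), enough for the sample.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0303: "TLS 1.2"}
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

def build_client_hello(version, random, session_id, suites):
    """Serialise a minimal ClientHello record (constructed sample input)."""
    body = struct.pack("!H", version) + random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def parse_client_hello(record):
    """Extract the step 1 fields: version, session data, cipher settings."""
    pos = 0
    def take(n):  # bounds-checked read: a short record raises, never yields short fields
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated ClientHello")
        pos += n
        return record[pos - n:pos]
    rec_type, _rec_version, _rec_len = struct.unpack("!BHH", take(5))
    msg_type = take(4)[0]  # handshake type byte, then a 3-byte length
    if rec_type != 0x16 or msg_type != 0x01:
        raise ValueError("not a ClientHello")
    version = struct.unpack("!H", take(2))[0]
    random = take(32)
    session_id = take(take(1)[0])
    raw = take(struct.unpack("!H", take(2))[0])
    if len(raw) % 2:
        raise ValueError("odd cipher-suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return {"version": VERSIONS.get(version, hex(version)), "random": random,
            "session_id": session_id,
            "cipher_suites": [SUITES.get(s, hex(s)) for s in suites]}

def rsa_key_transport_offers(hello):
    """Suites in which the client encrypts key material to the server's public key."""
    return [s for s in hello["cipher_suites"] if s.startswith("TLS_RSA_WITH_")]

# Constructed sample: a TLS 1.2 hello with no session to resume, three suites.
SAMPLE = build_client_hello(0x0303, bytes(range(32)), b"", [0xC02F, 0x002F, 0x000A])
print(rsa_key_transport_offers(parse_client_hello(SAMPLE)))
```

The parser stops after the cipher-suite list and does not read extensions; TLS 1.3 clients put 0x0303 in the version field and advertise 1.3 in an extension.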
11. SSL Data Transfer
The client and the server now
use a shared session key to
encrypt and decrypt actual
data and transfer it. This is
done using the same session
key at both ends, so it is
symmetric cryptography.
There are certain
infrastructures involved in
achieving SSL communication
in real life, which are called
Public Key Infrastructure.
12. SSL Certificates
What are the types of SSL certificates?
-Single-domain: only one domain.
-Wildcard: like a single-domain certificate, but it also includes that domain’s subdomains, e.g. www.cloudflare.com, blog.cloudflare.com, and developers.cloudflare.com.
-Multi-domain: can apply to multiple unrelated domains.
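Added example, not part of the original slides: a Python sketch of how a client decides whether each certificate type covers a hostname, showing that a wildcard name covers exactly one subdomain level and not the bare domain. The function names and the name lists are constructed for illustration; `example.com` and `example.org` stand in for two unrelated domains.

```python
def name_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Conservative choice in this example: refuse wildcards directly
        # under a top-level label such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # partial wildcards like "w*.example.com" are treated as literals


def certificate_covers(names, hostname):
    """True if any name on the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in names)


# Constructed name lists, one per certificate type on the slide.
CERTS = {
    "single": ["www.cloudflare.com"],
    "wildcard": ["*.cloudflare.com"],
    "multi": ["example.com", "example.org"],
}


def coverage_table(hosts):
    """Map each hostname to the certificate types that cover it."""
    return {
        host: [kind for kind, names in CERTS.items()
               if certificate_covers(names, host)]
        for host in hosts
    }


if __name__ == "__main__":
    for host, kinds in coverage_table([
        "www.cloudflare.com", "blog.cloudflare.com", "cloudflare.com",
        "a.blog.cloudflare.com", "example.org",
    ]).items():
        print(f"{host:24} {kinds}")
```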
13. SSL Validation Levels
Domain Validation: This is the least-stringent level of validation,
and the cheapest. All a business has to do is prove they control
the domain.
Organization Validation: This is a more hands-on process: The
CA directly contacts the person or business requesting the
certificate. These certificates are more trustworthy for users.
Extended Validation: This requires a full background check of an
organization before the SSL certificate can be issued.
14. TLS
Security protocol designed to facilitate privacy and data security
for communications over the Internet.
Encrypting the communication between web applications and
servers, such as web browsers loading a website.
TLS can also be used to encrypt other communications such as
email, messaging, and voice over IP (VoIP).
TLS, IETF in 1999.
Recent version is TLS 1.3, which was published in 2018.
15. TLS
What is the difference between TLS and SSL?
TLS evolved from a previous encryption protocol called Secure
Sockets Layer (SSL), which was developed by Netscape. TLS
version 1.0 actually began development as SSL version 3.1, but
the name of the protocol was changed before publication in
order to indicate that it was no longer associated with Netscape.
What does TLS do?
-Encryption: hides the data being transferred from third parties.
-Authentication: ensures that the parties exchanging information
are who they claim to be.
-Integrity: verifies that the data has not been forged or
tampered with.