Network Engineering

HTTP, HTTPS, DNS, SSL & TLS

brian | Published: Feb. 19, 2024, 1:06 p.m. | Updated: May 25, 2025, 9:14 p.m.


HTTP

HTTP stands for Hypertext Transfer Protocol, a protocol used for transmitting data over the internet between clients and servers. HTTP is a stateless protocol (each request from client to server is independent of any previous request). Information sent over HTTP is NOT secure because it travels in plain text across the public internet, so anyone who gets hold of it (HACKERS) would be able to see all the information, which is not good!

HTTPS

HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS was created because HTTP is insecure! HTTPS is the same thing as HTTP, but with an added security feature that encrypts the data being exchanged between the client's web browser and the server. The two protocols that HTTPS uses for this are SSL and TLS. One thing to note is that HTTPS is pretty much the standard nowadays even if you're not intending to send any personal information, and the reason for this is that Google flags your website as not secure if it is not SSL protected.

 

1. Certificate Authority:

The certificate authority (CA) has a public key and a private key, and it also has a self-signed certificate which affirms the identity of this particular certificate authority.

2. Let's say YouTube wants to acquire a certificate:

   1. The server generates a public key and a private key.

   2. The server also generates a CSR (Certificate Signing Request) file, which is used to request a certificate. Inside the CSR is the server's public key, and the CSR is signed using the server's private key.

   3. Next, the CSR is sent to the CA, and the public key goes along with it.

   4. The CA verifies that the server is who they say they are, namely using the public key. Once the CA verifies the server, it generates a certificate using the information that was inside the CSR and signs it using the CA private key. The certificate is then sent back to the server.

 


SSL

SSL, or Secure Sockets Layer, uses public key encryption to secure data. Below is how it works:

1. Computer A visits youtube.com, and in doing so Computer A's web browser tells the YouTube server to identify itself by asking for its certificate. One thing to note is that the client's web browser already has the CA certificate installed.

2. Once the certificate is received, the client has to validate its authenticity in two ways. First, the client has to verify that the certificate is legitimate by checking the signature using the CA public key. The signature was created with the CA private key, so it can be verified using the CA public key, which is included in the CA certificate that the client already has installed.

3. Second, the client has to verify that the server owns the certificate: the client confirms that the server has the private key matching the public key that was presented in the server certificate. If the server proves it has the matching private key, then we know the server is the owner.
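The certificate request steps under HTTPS and the two client checks above, sketched end to end as an added example (not code from the original post). It assumes textbook RSA with tiny constructed keys and a signed random challenge in place of real X.509 certificates and the actual TLS handshake; the names make_csr, ca_issue and client_validate are hypothetical.

```python
import hashlib
import secrets

E = 65537  # widely used RSA public exponent

def keypair(p, q):
    """Textbook RSA (no padding): returns (public, private) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

# Constructed toy keys built from Mersenne primes; far too small for real use.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**61 - 1)
SRV_PUB, SRV_PRIV = keypair(2**127 - 1, 2**89 - 1)

def make_csr(name, public, private):
    # The CSR carries the server's public key and is signed with its private key.
    body = f"{name}|{public[0]}|{public[1]}".encode()
    return {"body": body, "pub": public, "sig": sign(body, private)}

def ca_issue(csr):
    # The CA checks the CSR signature against the enclosed public key,
    # then signs the same information with the CA private key.
    if not verify(csr["body"], csr["sig"], csr["pub"]):
        raise ValueError("CSR is not signed by the key it contains")
    return {"body": csr["body"], "ca_sig": sign(csr["body"], CA_PRIV)}

def client_validate(cert, server_prove):
    # Check 1: the certificate carries a valid signature from the trusted CA.
    if not verify(cert["body"], cert["ca_sig"], CA_PUB):
        return False
    # Check 2: the server signs a fresh random challenge, proving it holds
    # the private key that matches the public key inside the certificate.
    _, n, e = cert["body"].decode().split("|")
    challenge = secrets.token_bytes(16)
    return verify(challenge, server_prove(challenge), (int(n), int(e)))

cert = ca_issue(make_csr("youtube.com", SRV_PUB, SRV_PRIV))
print(client_validate(cert, lambda c: sign(c, SRV_PRIV)))  # genuine server
print(client_validate(cert, lambda c: sign(c, CA_PRIV)))   # wrong private key
```

A party that only copied the certificate fails the second check, because the certificate is public while the matching private key never leaves the server.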

 

 

TLS

TLS (Transport Layer Security) is the successor to SSL, and it has many similar attributes to SSL, like authenticating the server and the client and encrypting data. TLS is a cryptographic protocol used to secure communication over a computer network, typically the internet. TLS ensures that data transmitted between two endpoints, such as a web browser and a web server, remains private and secure from eavesdropping and tampering. TLS is also used in emails, instant messaging, and voice over IP.

 

How do SSL and TLS protect data?

In the image above we can see the client on the left side and the server on the right. But who's the red person in the middle? That can be anyone, or a hacker who intends to steal your personal information. There are 3 ways that SSL and TLS protect your data:

1. Confidentiality: Data is only accessible to the client and the server, meaning that if the hacker retrieves the data while it is being sent, he won't be able to read it or make sense of it because the data will be encrypted. For the hacker it will only display scribble scrabbles.

2. Integrity: Data is not modified between client and server. While the data is traveling, the red user can indeed modify it, BUT once it is received by the server, the server will be able to detect that the data has been tampered with.

3. Authentication: Validation between the client and the host.

 

What is DNS?

DNS stands for "Domain Name System". DNS resolves domain names (e.g. youtube.com) to IP addresses. In order for us to navigate the internet and browse different web pages, we must know the IP address of the website, but how would we remember all those IP addresses? Well, we don't, and that is why DNS was created. With DNS we simply search the name of the website (again, e.g. youtube.com), and then our computer searches through the DNS cache to see if we have already visited that website. If it doesn't find it, then DNS will search through its database, find the matching IP address for that domain name, and resolve the domain name to the IP address, enabling communication between our web browser and youtube.com. I like to compare DNS to Python dictionaries. For example, we name a dictionary "dns" and add some keys and values. When we print dns with the key 'google.com', we get the value '8.8.8.8' as output, similar to DNS.


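# Keys are domain names, values are IP addresses (sample values for the analogy)
dns = {
    'google.com': '8.8.8.8',
    'youtube.com': '1.1.1.1',
}
# Looking up a key returns its value, like resolving a name to an address
print(dns['google.com'])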


---output---
>>8.8.8.8