SSL vs. HTTPS

Difference Between SSL and HTTPS

If the proper security measures are not adopted, the communication on internet can become in secure. In case of money transfers, millions of dollars of customers and enterprises can be duped. SSL and HTTPS are concerned with this security. SSL is protocol which provides security to the communication on the internet and web. HTTPS refers to the combination of HTTP and SSL. HTTPS makes a secure channel over a network which is insecure.

SSL

SSL or Secure Socket Layer is cryptographic protocol. It provides security to the communications on the internet. It makes use of asymmetric cryptography to keep the privacy intact. It authenticates codes to ensure the reliability. SSL is used for various web applications such as instant messages, email, faxing, web browsing, and voice over IP or VoIP. Netscape Corporation developed SSL which was succeeded by Transport Layer Security or TLS. SSL 2.0 was released in 1995 and was followed by SSL 3.0 next year as the previous version has some serious flaws. SSL 3.3 is the current version. It is known as TLS 1.2. SSL is implemented over the transport level. It encapsulates various application layers such as FTP, HTTP, SMTP etc. It is often used with TCP or transmission control protocol. It is also used sometimes with UDP. SSL is combined with HTTP to get HTTPS. HTTPS are used to identify the endpoints for applications like e-commerce.

HTTPS

HTTPS is obtained by combining HTTP (hyper text transfer protocol) and SSL or TLS protocols. HTTPS makes the communication secure by encryption. It marks the end points of the connections. As a result it becomes ideal for applications such as payments on World Wide Web.  In fact, HTTPS creates a secure connection on an insecure network. HTTPS secure channels safeguard the communication against Man-in-the-Middle attacks and eavesdroppers.  But all the following conditions are satisfied, if the user wants the channel fully secure:

  • Browser has implemented HTTPS correctly with Certificate Authorities.
  • The certificate provided by the site must be valid.
  • Web site is accurately identified by the certificate,
  • Intermediate hops are trustworthy.
  • The difference between SSL and HTTPS

Difference between the both

The major difference between HTTPS and SSL is that HTTPS is obtained combining HTTP and SSL while SSL is a cryptographic protocol. HTTPS is not identified as a protocol in itself sometimes, but a mechanism that makes use of HTTP over encrypted SSL connections. HTTPS is able to resist eavesdropping and man-in-the middle attacks because of encryption provided by SSL

 

Category: VS  |  Tags: