Protocols
Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) are the two most common protocols used for transferring data between clients and servers on the internet.
Hypertext Transfer Protocol (HTTP)
- HTTP is the protocol used for transferring data between a client and a server on the internet
- It is a stateless protocol, meaning it does not store any information about previous requests or responses
- HTTP operates on port 80 by default and sends data in plain text format, making it vulnerable to interception and manipulation
Hypertext Transfer Protocol Secure (HTTPS)
- HTTPS is a secure version of HTTP that uses encryption to protect data transferred between a client and a server
- It operates on port 443 by default and uses Transport Layer Security (TLS) or Secure Socket Layer (SSL) to encrypt data
- HTTPS ensures that data transferred between the client and server is secure, making it harder for unauthorised users to intercept or manipulate data
SSL & TLS
- SSL is a security protocol developed by Netscape in the 1990s to provide secure communication over the internet
- TLS is a successor to SSL and is a security protocol used to provide secure communication over the internet
- They both use a combination of symmetric and asymmetric encryption to secure data and ensure data integrity
- SSL operates at the transport layer of the OSI model, ensuring that data is encrypted before it is sent over the network
- The TLS protocol is made up of 2 layers:
-
- Handshake Layer
- This is used to establish a secure connection between two endpoints
- Handshake Layer
-
- Record Layer
- This is responsible for transmitting data securely between the client and the server
- The client/browser requests secure connection to the server
- The client/browser requests the server to identify itself
- The server provides a digital certificate
- The client/browser validates the certificate
- The client/browser sends a signal back to the server to begin data transmission
- The encryption method will be agreed & a session key is generated
Exam Tip
- You will only be asked to name the layers of TLS