The History of HTTPS
HTTPS was introduced in 1994 by Netscape to encrypt web traffic using SSL (Secure Sockets Layer). It evolved over the years with the introduction of TLS (Transport Layer Security), replacing SSL.
Key HTTPS Milestones
| Year | Development | Notes |
|---|
| 1994 | SSL 2.0 | First attempt at encrypted web traffic |
| 1996 | SSL 3.0 | Improved security but still flawed |
| 1999 | TLS 1.0 | Replaced SSL, more secure |
| 2008 | TLS 1.2 | Stronger encryption, widely adopted |
| 2018 | TLS 1.3 | Faster and even more secure |
💡 Verdict: SSL is dead. TLS 1.2+ is the modern standard.
Further Reading:
How HTTPS Works
HTTPS secures data transmission between web browsers and web servers using TLS encryption.
Step-by-Step HTTPS Connection
- Client initiates a request →
https://example.com. - Server sends an SSL/TLS certificate.
- Browser verifies the certificate against a Certificate Authority (CA).
- TLS handshake happens → Encryption keys are exchanged.
- Secure session is established → Data is encrypted before transmission.
This prevents eavesdropping, MITM attacks, and data manipulation.
HTTPS vs. Other Security Protocols
| Feature | HTTPS | HTTP | SSH | VPN |
|---|
| Encryption | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
| Authentication | ✅ Yes (Certificates) | ❌ No | ✅ Yes | ✅ Yes |
| Data Integrity | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
| Speed | ✅ Fast | ✅ Fast | ❌ Slower | ❌ Depends |
| Used By | Websites, APIs | Legacy websites | Remote access | Enterprises |
💡 Verdict: HTTPS is essential for web security, while SSH and VPNs serve different purposes.
10 HTTPS Code Examples
1. Checking SSL Certificates in Linux (CLI)
1
| openssl s_client -connect example.com:443 -servername example.com
|
2. Generating a Self-Signed SSL Certificate (OpenSSL)
1
| openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
|
3. Using HTTPS in Python (Requests Library)
1
2
3
4
| import requests
response = requests.get("https://example.com", verify=True)
print(response.text)
|
4. Enabling HTTPS in a Flask App
1
2
3
4
| from flask import Flask
app = Flask(__name__)
app.run(ssl_context=('cert.pem', 'key.pem'))
|
5. Using HTTPS in C# (HttpClient)
1
2
3
4
5
| using System.Net.Http;
HttpClient client = new HttpClient();
HttpResponseMessage response = await client.GetAsync("https://example.com");
Console.WriteLine(await response.Content.ReadAsStringAsync());
|
6. Using HTTPS in Java (HttpsURLConnection)
1
2
3
4
5
6
7
| import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
URL url = new URL("https://example.com");
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.connect();
System.out.println("Response Code: " + con.getResponseCode());
|
7. Using HTTPS in JavaScript (Node.js HTTPS Request)
1
2
3
4
5
| const https = require("https");
https.get("https://example.com", (res) => {
console.log("Status Code:", res.statusCode);
});
|
8. Enforcing HTTPS in an Nginx Server
1
2
3
4
5
6
7
| server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
}
|
9. Checking HTTPS Protocol Version (CLI)
1
| openssl s_client -connect example.com:443 -tls1_2
|
10. Using HTTPS in Golang
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| package main
import (
"crypto/tls"
"net/http"
)
func main() {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
resp, _ := client.Get("https://example.com")
fmt.Println(resp.Status)
}
|
Key Takeaways
- HTTPS encrypts web traffic to protect against hackers and MITM attacks.
- TLS (not SSL) is the modern encryption standard for HTTPS.
- HTTPS is essential for APIs, websites, and secure communication.
- Alternatives like SSH and VPNs serve different security needs.
References
- TLS Wikipedia
- How HTTPS Works
- SSL vs. TLS
- OpenSSL Commands
