HTTPS is the secure version of HTTP, the World Wide Web communications protocol. It was created to provide communications with authentication and encryption.

“Secure Web servers” normally refer to Web servers capable of encrypted communication. The Web server must have a certificate installed that provides the Web server with a private/public key pair. The encrypted channel is provided by a protocol named Secure Socket Layer (SSL) or by its successor Transport Layer Security (TLS).

When SSL/TLS is used, the client and the server do the following:

• The client and the server agree on what crypto and hashing algorithms to use
• The client receives a certificate from the server and validates it
• Both agree on a symmetric encryption key
• Encrypted communication starts

The level of protection depends on the implementation by the web browser and the server software and the cryptographic algorithms supported.

HTTPS protects against packet sniffing, because the packets contain seemingly random data. It is important to realize that the encryption only protects the network connection between the client and the server.

The default TCP/IP port of HTTPS is 443.

In web pages using HTTPS, the URL starts with 'https://' rather than 'http://'.

The  SNET Service provides the Commission with the infrastructure it needs

• SNET   http://www.cc.cec/home/dgserv/digit/ict/services/data_network_snet/index_en.html
• HTTP template
• Security

• RFC 2818 - Technical specification of HTTP over TLS http://www.ietf.org/rfc/rfc2818.txt
• Technical Descriptions of Secured HTTP http://www.javvin.com/protocolHTTPS.html
• SSL/TLS Strong Encryption: An Introduction to the Apache HTTP Server Version 2.0 Documentation.

A collection of papers from workshops, conferences etc.