Editing HTTPS (section)

==Technical==

===Difference from HTTP===
HTTPS [[URL]]s begin with "https://" and use [[List of TCP and UDP port numbers|port]] 443 by default, whereas [[HTTP]] URLs begin with "http://" and use port 80 by default.

HTTP is not encrypted and thus is vulnerable to [[man-in-the-middle]] and [[eavesdropping attack]]s, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject [[malware]] or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of HTTPS implementations that use deprecated versions of SSL).

===Network layers===
HTTP operates at the highest layer of the [[TCP/IP model]]—the [[application layer]]; as does the [[Transport Layer Security|TLS]] security protocol (operating as a lower sublayer of the same layer), which encrypts an HTTP message prior to transmission and decrypts a message upon arrival. Strictly speaking, HTTPS is not a separate protocol, but refers to the use of ordinary [[HTTP]] over an [[encryption|encrypted]] SSL/TLS connection.

HTTPS encrypts all message contents, including the HTTP headers and the request/response data. With the exception of the possible [[Chosen-ciphertext attack|CCA]] cryptographic attack described in the [[#Limitations|limitations]] section below, an attacker should at most be able to discover that a connection is taking place between two parties, along with their domain names and IP addresses.

===Server setup===
To prepare a web server to accept HTTPS connections, the administrator must create a [[public key certificate]] for the web server. This certificate must be signed by a trusted [[certificate authority]] for the web browser to accept it without warning. The authority certifies that the certificate holder is the operator of the web server that presents it. Web browsers are generally distributed with a list of [[root certificate|signing certificates of major certificate authorities]] so that they can verify certificates signed by them.

====Acquiring certificates====
A number of commercial [[Certificate authority|certificate authorities]] exist, offering paid-for SSL/TLS certificates of a number of types, including [[Extended Validation Certificate]]s.

[[Let's Encrypt]], launched in April 2016,<ref name="softpedia-launch">{{cite web |url=https://news.softpedia.com/news/let-s-encrypt-launched-today-currently-protects-3-8-million-domains-502857.shtml |title=Let's Encrypt Launched Today, Currently Protects 3.8 Million Domains |publisher=Softpedia News |first=Catalin |last=Cimpanu |date=12 April 2016 |access-date=20 October 2018 |archive-url=https://web.archive.org/web/20190209055129/https://news.softpedia.com/news/let-s-encrypt-launched-today-currently-protects-3-8-million-domains-502857.shtml |archive-date=9 February 2019 |url-status=live }}</ref> provides free and automated service that delivers basic SSL/TLS certificates to websites.<ref>{{cite web |url=http://www.eweek.com/security/let-s-encrypt-effort-aims-to-improve-internet-security |title=Let's Encrypt Effort Aims to Improve Internet Security |publisher=Quinstreet Enterprise |website=eWeek.com |date=18 November 2014 |access-date=20 October 2018 |last=Kerner |first=Sean Michael |archive-date=2 April 2023 |archive-url=https://web.archive.org/web/20230402154948/https://www.eweek.com/security/let-s-encrypt-effort-aims-to-improve-internet-security/ |url-status=live }}</ref> According to the [[Electronic Frontier Foundation]], Let's Encrypt will make switching from HTTP to HTTPS "as easy as issuing one command, or clicking one button."<ref>{{cite web |url=https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web |title=Launching in 2015: A Certificate Authority to Encrypt the Entire Web |publisher=[[Electronic Frontier Foundation]] |date=18 November 2014 |access-date=20 October 2018 |last=Eckersley |first=Peter |archive-url=https://web.archive.org/web/20181118160126/https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web |archive-date=18 November 2018 |url-status=live }}</ref> The majority of web hosts and cloud providers now leverage Let's Encrypt, providing free certificates to their customers.

====Use as access control====
The system can also be used for client [[authentication]] in order to limit access to a web server to authorized users. To do this, the site administrator typically creates a certificate for each user, which the user loads into their browser. Normally, the certificate contains the name and e-mail address of the authorized user and is automatically checked by the server on each connection to verify the user's identity, potentially without even requiring a password.

====In case of compromised secret (private) key====
An important property in this context is [[forward secrecy|perfect forward secrecy]] (PFS). Possessing one of the long-term asymmetric secret keys used to establish an HTTPS session should not make it easier to derive the short-term session key to then decrypt the conversation, even at a later time. [[Diffie–Hellman key exchange]] (DHE) and [[Elliptic-curve Diffie–Hellman]] key exchange (ECDHE) are in 2013 the only schemes known to have that property. In 2013, only 30% of Firefox, Opera, and Chromium Browser sessions used it, and nearly 0% of Apple's [[Safari (web browser)|Safari]] and [[Internet Explorer|Microsoft Internet Explorer]] sessions.<ref name=ecdhe/> TLS 1.3, published in August 2018, dropped support for ciphers without forward secrecy. {{As of|2019|02|df=US}}, 96.6% of web servers surveyed support some form of forward secrecy, and 52.1% will use forward secrecy with most browsers.<ref>{{cite web |author1=Qualys SSL Labs |title=SSL Pulse |url=https://www.ssllabs.com/ssl-pulse/ |access-date=25 February 2019 |archive-url=https://web.archive.org/web/20190215213454/https://www.ssllabs.com/ssl-pulse/ |archive-date=15 February 2019 |format=3 February 2019|author1-link=Qualys }}</ref> {{As of|2023|07|df=US}}, 99.6% of web servers surveyed support some form of forward secrecy, and 75.2% will use forward secrecy with most browsers.<ref>{{Cite web |title=Qualys SSL Labs - SSL Pulse |url=https://www.ssllabs.com/ssl-pulse/ |access-date=2023-09-04 |website=www.ssllabs.com}}</ref>

=====Certificate revocation=====
{{main|Certificate revocation}}
A certificate may be revoked before it expires, for example because the secrecy of the private key has been compromised. Newer versions of popular browsers such as [[Firefox]],<ref>{{cite web |url=https://www.mozilla.org/en-US/privacy/ |title=Mozilla Firefox Privacy Policy |publisher=[[Mozilla Foundation]] |date=27 April 2009 |access-date=20 October 2018 |archive-url=https://web.archive.org/web/20181018063732/https://www.mozilla.org/en-US/privacy/ |archive-date=18 October 2018 |url-status=live }}</ref> [[Opera (web browser)|Opera]],<ref>{{cite news |url=https://news.softpedia.com/news/Opera-8-launched-on-FTP-1330.shtml |title=Opera 8 launched on FTP |publisher=[[Softpedia]] |date=19 April 2005 |access-date=20 October 2018 |archive-url=https://web.archive.org/web/20190209055128/https://news.softpedia.com/news/Opera-8-launched-on-FTP-1330.shtml |archive-date=9 February 2019 |url-status=live }}</ref> and [[Internet Explorer]] on [[Windows Vista]]<ref>{{cite web |last=Lawrence |first=Eric |date=31 January 2006 |url=https://docs.microsoft.com/en-us/previous-versions/aa980989(v=msdn.10) |title=HTTPS Security Improvements in Internet Explorer 7 |website=[[Microsoft Docs]] |access-date=24 October 2021 |archive-date=24 October 2021 |archive-url=https://web.archive.org/web/20211024181937/https://docs.microsoft.com/en-us/previous-versions/aa980989(v=msdn.10) |url-status=live }}</ref> implement the [[Online Certificate Status Protocol]] (OCSP) to verify that this is not the case. The browser sends the certificate's serial number to the certificate authority or its delegate via OCSP (Online Certificate Status Protocol) and the authority responds, telling the browser whether the certificate is still valid or not.<ref>{{cite web |url=https://tools.ietf.org/html/rfc2560 |title=Online Certificate Status Protocol – OCSP |publisher=[[Internet Engineering Task Force]] |date=20 June 1999 |last1=Myers |first1=Michael |last2=Ankney |first2=Rich |last3=Malpani |first3=Ambarish |last4=Galperin |first4=Slava |last5=Adams |first5=Carlisle |doi=10.17487/RFC2560 |access-date=20 October 2018 |archive-url=https://web.archive.org/web/20110825095059/http://tools.ietf.org/html/rfc2560 |archive-date=25 August 2011 |url-status=live }}</ref> The CA may also issue a [[Certificate revocation list|CRL]] to tell people that these certificates are revoked. CRLs are no longer required by the CA/Browser forum,<ref>{{cite web |url=https://cabforum.org/baseline-requirements-documents/ |title=Baseline Requirements |date=4 September 2013 |publisher=CAB Forum |access-date=1 November 2021 |url-status=live |archive-date=20 October 2014 |archive-url=https://web.archive.org/web/20141020234802/https://cabforum.org/baseline-requirements-documents/ }}</ref>{{Update inline|date=April 2025|reason=CRLs are actually required.}} nevertheless, they are still widely used by the CAs. Most revocation statuses on the Internet disappear soon after the expiration of the certificates.<ref name=RS_1>{{cite book| author1=Korzhitskii, N.| author2=Carlsson, N.| title=Passive and Active Measurement| chapter=Revocation Statuses on the Internet| series=Lecture Notes in Computer Science| date=30 March 2021| volume=12671| pages=175–191| doi=10.1007/978-3-030-72582-2_11| arxiv=2102.04288| isbn=978-3-030-72581-5}}</ref>

===Limitations===
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption can be configured in two modes: ''simple'' and ''mutual''. In simple mode, authentication is only performed by the server. The mutual version requires the user to install a personal [[client certificate]] in the web browser for user authentication.<ref>{{cite web |url=https://support.google.com/chrome/a/answer/6080885?hl=en |title=Manage client certificates on Chrome devices – Chrome for business and education Help |website=support.google.com |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20190209055127/https://support.google.com/chrome/a/answer/6080885?hl=en |archive-date=2019-02-09 |url-status=live }}</ref> In either case, the level of protection depends on the correctness of the [[implementation]] of the software and the [[cipher|cryptographic algorithms]] in use.{{fact|date=April 2024}}

SSL/TLS does not prevent the indexing of the site by a [[web crawler]], and in some cases the [[Uniform resource identifier|URI]] of the encrypted resource can be inferred by knowing only the intercepted request/response size.<ref>{{cite web |url=https://www.exploit-db.com/docs/english/13026-the-pirate-bay-un-ssl.pdf |title=The Pirate Bay un-SSL |last=Pusep |first=Stanislaw |date=2008-07-31 |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20180620001518/https://www.exploit-db.com/docs/english/13026-the-pirate-bay-un-ssl.pdf |archive-date=2018-06-20 |url-status=live }}</ref> This allows an attacker to have access to the [[plaintext]] (the publicly available static content), and the [[ciphertext|encrypted text]] (the encrypted version of the static content), permitting a [[Chosen-ciphertext attack|cryptographic attack]].{{fact|date=April 2024}}

Because [[Transport Layer Security|TLS]] operates at a protocol level below that of HTTP and has no knowledge of the higher-level protocols, TLS servers can only strictly present one certificate for a particular address and port combination.<ref>{{cite web |url=https://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts |title=SSL/TLS Strong Encryption: FAQ |work=apache.org |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20181019105423/http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts |archive-date=2018-10-19 |url-status=live }}</ref> In the past, this meant that it was not feasible to use [[Virtual hosting#Name-based|name-based virtual hosting]] with HTTPS. A solution called [[Server Name Indication]] (SNI) exists, which sends the hostname to the server before encrypting the connection, although older browsers do not support this extension. Support for SNI is available since [[Firefox]] 2, [[Opera (web browser)|Opera]] 8, [[Safari (web browser)|Apple Safari]] 2.1, [[Google Chrome]] 6, and [[Internet Explorer 7]] on [[Windows Vista]].<ref>{{cite web |url=https://blogs.msdn.microsoft.com/ie/2005/10/22/upcoming-https-improvements-in-internet-explorer-7-beta-2/ |title=Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2 |last=Lawrence |first=Eric |publisher=[[Microsoft]] |date=2005-10-22 |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20180920113838/https://blogs.msdn.microsoft.com/ie/2005/10/22/upcoming-https-improvements-in-internet-explorer-7-beta-2/ |archive-date=2018-09-20 |url-status=live }}</ref><ref>{{cite web |url=https://blog.ebrahim.org/2006/02/21/server-name-indication-sni/ |title=Server Name Indication (SNI) |work=inside aebrahim's head |date=2006-02-21 |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20180810173628/https://blog.ebrahim.org/2006/02/21/server-name-indication-sni/ |archive-date=10 August 2018 |url-status=live }}</ref><ref>{{cite web |url=https://bugzilla.mozilla.org/show_bug.cgi?id=116169 |title=Browser support for TLS server name indication |access-date=2018-10-20 |last=Pierre |first=Julien |date=2001-12-19 |work=Bugzilla |publisher=Mozilla Foundation |archive-url=https://web.archive.org/web/20181008070112/https://bugzilla.mozilla.org/show_bug.cgi?id=116169 |archive-date=2018-10-08 |url-status=live }}</ref>

A sophisticated type of [[man-in-the-middle attack]] called SSL stripping was presented at the 2009 [[Black Hat Briefings|Blackhat Conference]]. This type of attack defeats the security provided by HTTPS by changing the {{code|https:}} link into an {{code|http:}} link, taking advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in clear with the client.<ref>{{cite web |url=https://moxie.org/software/sslstrip/index.html |title=sslstrip 0.9 |access-date=20 October 2018 |archive-url=https://web.archive.org/web/20180620042059/https://moxie.org/software/sslstrip/index.html |archive-date=20 June 2018 |url-status=live }}</ref> This prompted the development of a countermeasure in HTTP called [[HTTP Strict Transport Security]].{{fact|date=April 2024}}

HTTPS has been shown to be vulnerable to a range of [[traffic analysis]] attacks. Traffic analysis attacks are a type of [[side-channel attack]] that relies on variations in the timing and size of traffic in order to infer properties about the encrypted traffic itself. Traffic analysis is possible because SSL/TLS encryption changes the contents of traffic, but has minimal impact on the size and timing of traffic. In May 2010, a research paper by researchers from [[Microsoft Research]] and [[Indiana University Bloomington|Indiana University]] discovered that detailed sensitive user data can be inferred from side channels such as packet sizes. The researchers found that, despite HTTPS protection in several high-profile, top-of-the-line web applications in healthcare, taxation, investment, and web search, an eavesdropper could infer the illnesses/medications/surgeries of the user, his/her family income, and investment secrets.<ref>{{cite journal |url=https://www.microsoft.com/en-us/research/publication/side-channel-leaks-in-web-applications-a-reality-today-a-challenge-tomorrow/ |title=Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow |journal=Microsoft Research |publisher=[[Institute of Electrical and Electronics Engineers|IEEE]] Symposium on Security & Privacy 2010 |date=2010-05-20 |author1=Shuo Chen |author2=Rui Wang |author3=XiaoFeng Wang |author4=Kehuan Zhang |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20180722120329/https://www.microsoft.com/en-us/research/publication/side-channel-leaks-in-web-applications-a-reality-today-a-challenge-tomorrow/ |archive-date=22 July 2018 |url-status=live }}</ref>

The fact that most modern websites, including Google, Yahoo!, and Amazon, use HTTPS causes problems for many users trying to access public Wi-Fi hot spots, because a [[captive portal]] Wi-Fi hot spot login page fails to load if the user tries to open an HTTPS resource.<ref>{{cite web |first=Matthew |last=Guaay |url=https://zapier.com/blog/open-wifi-login-page/ |title=How to Force a Public Wi-Fi Network Login Page to Open |date=2017-09-21 |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20180810143254/https://zapier.com/blog/open-wifi-login-page/ |archive-date=2018-08-10 |url-status=live }}</ref> Several websites, such as NeverSSL,<ref name="neverssl">{{cite web |url=http://neverssl.com |title=NeverSSL }}</ref> guarantee that they will always remain accessible by HTTP.<ref>{{cite web |url=http://neverssl.com/ |title=NeverSSL |access-date=2018-10-20 |archive-url=https://web.archive.org/web/20180901224536/http://neverssl.com/ |archive-date=2018-09-01 |url-status=live }}</ref>