11. HTTPS

Although, it is powerful and flexible; the HTTP protocol is not suitable for use in a wide range of applications because it can be so easily monitored and replayed. For example, someone using a network monitor can easily capture passwords used to access a banking web site or replay requests that trigger financial transactions.

The Secure Sockets Layer (SSL) was designed to encrypt any TCP/IP based network traffic and provide the following capabilities:

Prevents eavesdropping
Prevents tampering or replaying of messages
Uses certificates to authenticate servers and optionally clients

The HTTPS protocol is the same text based protocol as HTTP but is run over an encrypted SSL session. There is some addition overhead in setting up an HTTPS session, as the client and server need to create a shared secret key by using a public / private key handshake. But once the connection is setup it works exactly like HTTP and has the same capabilities, e.g. headers, cookies, caching, authentication, redirection, etc...

For more information on HTTPS and the underlying Secure Sockets Layer see RFC 2818..

Example 11

The button below allows you to switch between HTTP and HTTPS. You may want to switch to HTTPS and try the examples again in previous sections of the HTTP gallery.

Current Protocol: HTTP (unencrypted)

Using HttpWatch with Example 11

HttpWatch shows the same level of detail regardless of which protocol you are using.

Open the HttpWatch window by clicking on the HttpWatch icon on the toolbar
Click on Record to start logging requests in HttpWatch
Click on the Switch button above to change between HTTP and HTTPS

<< Previous (10. Authentication) Next >> (12. AJAX)