HTTPS (HTTP Secure) is HTTP layered over TLS/SSL encryption, transforming the web from a plaintext protocol into one that protects confidentiality, integrity, and authenticity of data in transit. Where HTTP sends data naked across the network, HTTPS wraps every byte in cryptographic armor — yet this protection is not automatic. It requires certificates, key exchanges, handshakes, and trust chains working in concert. Understanding HTTPS means understanding how servers prove their identity, how encryption keys are negotiated, and how the entire ecosystem prevents eavesdropping, tampering, and impersonation. A critical reality: HTTPS protects data in transit, but only if certificates are valid, TLS is properly configured, and both endpoints are trustworthy — otherwise, you have encrypted communication with the wrong party.
What This Cheat Sheet Covers
This topic spans 22 focused tables and 118 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: TLS Protocol Versions
| Version | Example | Description |
|---|---|---|
Used by >95% of secure sites | • Current standard since 2018 — 1-RTT handshake, mandatory forward secrecy, removes legacy ciphers (RC4, SHA-1, RSA key exchange) • fastest and most secure. | |
Still widely deployed | • Released 2008, still considered secure when properly configured • supports older cipher suites including non-PFS options • requires 2-RTT handshake. | |
Formally deprecated RFC 8996 | • Deprecated March 2021 — no longer secure, vulnerable to BEAST • should be disabled everywhere. |