HTTP - HTTPS scheme (HTTP-over-TLS)

HTTP - HTTPS scheme (HTTP-over-TLS)
- About
- Management
  - Port
  - Deploying
  - Mandatory

About

The https scheme represents HTTP-over-TLS ¹⁾

HTTP is a application protocol (OSI level 7) that is build on TCP as transport layer (OSI level 3)

HTTPS is essentially HTTP after the connection has been secured with TLS (ie SSL, ie TCP with SSL) (ie when the SSL handshake (negotiation) has succeed).

Chrome:

Management

Port

The port is 443.

Deploying

See How to enable SSL on a server (ie HTTPS on a web server) ?

Mandatory

To make https mandatory for a website, set the Strict Transport Security (HSTS) header

¹⁾

https://tools.ietf.org/html/rfc2818

Recommended Pages

Authentication - Basic Authentication (HTTP)

Authentication - Basic Authentication (HTTP) About Basic Access Authentication is an Authentication mechanism from HTTP auth. Basic access authentication uses the easily reversible Base64 encoding "...

OAuth - Authorization Endpoint

OAuth - Authorization Endpoint About The authorization endpoint is one of two endpoints of the authorization server. It's used by the client (app) to obtain authorization from the resource owner i "...

Oauth - Client Authentication

Oauth - Client Authentication About authentication method for a client in Oauth. The client MUST NOT use more than one authentication method in each request. Articles Related Usage Client authen "...

Authentication - Method / Protocol / Scheme

Authentication - Method / Protocol / Scheme About The authentication methods / construct / protocol validates the identity of a user (ie validates who you are). The method is implemented by a (iden "...

OAuth - Token Endpoint

OAuth - Token Endpoint About The token endpoint is an authorization endpoint used by the client to obtain an access token by presenting its: * authorization grant * or refresh token. The toke "...

Cryptography - Key

A key is a parameter used in a cipher algorithm that determines the encryption operation (forward) and the decryption operation (backward). It's the only secret parameter that protect the anonymity of "...

HTTP - Strict Transport Security (HSTS) - mandatory HTTPS

Strict Transport Security (HSTS) is a header that tells the client that the website should always be contacted with HTTPS Effect When HSTS is on, if it's not possible to make a https connection (for i "...

HTTP - Cookie (Set-Cookie Header )

A cookie is a key-value data and some associated It is: set: by the server side with a HTTP response and the Set-Cookie header and eventually on a client side with the browser web api stored in "...

HTTP - Host Header

host in the context of HTTP is a header field that: indicates the destination of the request and is part of the origin definition The Host field value is the network location of the origin server or "...

HTTP - Port (80, 443)

The HTTP request are routed to the destination server defined by the host and port of the request URL authority. If the port is not defined, the default ports are: 80 for the http scheme 443 for the "...

Share this page: