Web Security Web Security

Introducing HTTPS

Learning Paths:
Check out a free preview of the full Web Security course:
The "Introducing HTTPS" Lesson is part of the full, Web Security course featured in this preview video. Here's what you'd learn in this lesson:

Mike reviews HTTPS recent prominence and easy access through Let's Encrypt, a service that provides free SSL/TLS certificates.

Get Unlimited Access Now

Transcript from the "Introducing HTTPS" Lesson

[00:00:00]
>> Mike North: So over the past couple of years, we've been really trying to push up the percentage of the web if that is served over HTTPS. We're at about 56% and moving forward nicely. This big uptick we're seeing in, I guess, it's not really a clear uptick, but starting from about November of 2016 upwards.

[00:00:25] That's impacted a lot by Let's Encrypt, which is an attempt to make the first free certificate authority where you could automatically go through the process of getting one of these. And it wasn't about paying $100 for three years, and now you have the certificate you need. Everyone should have access to this.

[00:00:44] It's in everyone's interests to make this something that everyone can add to, even their blogs and things like that. Everything should be HTTPS. So in terms of how we got here, in the 90s, HTTP was invented. 93, there was something called S-HTTP. That was the first secure HTTP protocol, and that was from Secure Mosaic.

[00:01:10] That was back when you had to download the secure version of Mosaic, a separate program, then the regular Mosaic, which was for your general Internet use. In 94, Netscape invented and implemented SSL, HTTPS was the first thing to use SSL. SSL stands for secure socket layer. And what that means, just think that it is sort of a lower level idea than HTTPS, right?

[00:01:38] It doesn't care about what protocol you're using, like whether this is something called a request that has a head and a body. It involves something in a lower layer, at the socket layer, rather, which is why we can use it for things like WebSockets as well, which are not HTTP.

[00:01:59] In 99, we got our first version of TLS, which also is also known as SSL 3.1. It is more accurate now to refer to this as TLS, right? And 2008, we got the current version that we're using now, and it is regarded to be the safe version to use.

[00:02:19] So we're gonna dive a little bit into cryptography. I hope I made this reasonably accessible. I want you to understand at the end of this what role the certificate plays. What role symmetric and asymmetric encryption plays, we'll define those terms. So you know when we start working with OpenSSL, which is what we're about to do to generate a certificate safely, you will not just look at this as a bunch of files.

[00:02:46] You'll understand each piece and the point of each piece.