HTTP DEMYSTIFIED: ARCHITECTURE, SECURITY, AND MODERN USE CASES
Main Article Content
Abstract
This study provides a comprehensive technical overview of HTTPS, the protocol that secures web communications. It traces the evolution from SSL to modern TLS, detailing the layered architecture, cryptographic protocols, and certificate infrastructure that underpin HTTPS. The research highlights improvements in TLS 1.3, security enhancements, and performance optimizations including session resumption and HTTP/2 and HTTP/3 protocols. Challenges such as certificate management, emerging threats, and metadata privacy are examined. The findings offer actionable insights for cybersecurity professionals and system architects to improve secure web deployments amid evolving internet threats.
Downloads
Metrics
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.
References
Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3 (RFC 8446). IETF. https://datatracker.ietf.org/doc/html/rfc8446
Dierks, T., & Rescorla, E. (2008). The Transport Layer Security (TLS) Protocol Version 1.2 (RFC 5246). IETF. https://datatracker.ietf.org/doc/html/rfc5246
Mozilla Developer Network. (n.d.). HTTPS overview. https://developer.mozilla.org/en-US/docs/Web/HTTPS
Google. (2020). Certificate Transparency. https://certificate.transparency.dev/
Langley, A., Riddoch, A., Wilk, A., Vicente, A., & Krasic, C. (2017). QUIC: A UDP-Based Multiplexed and Secure Transport. https://www.chromium.org/quic/
Let’s Encrypt. (n.d.). ACME Protocol and certificate automation. https://letsencrypt.org/docs/acme-protocol/
Clark, J., & van Oorschot, P. C. (2013). SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. IEEE Symposium on Security and Privacy. https://ieeexplore.ieee.org/document/6547269
Somorovsky, J. (2016). Systematic fuzzing and testing of TLS libraries. ACM Conference on Computer and Communications Security (CCS). https://dl.acm.org/doi/10.1145/2976749.2978429
Holz, R., Amann, J., Mehani, O., Wachs, M., & Zarras, A. (2016). TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication. Network and Distributed System Security Symposium (NDSS). https://www.ndss-symposium.org/ndss2016/tls-wild-internet-wide-analysis-tls-based-protocols-electronic-communication/
Internet Society. (2020). Deploying TLS 1.3. https://www.internetsociety.org/resources/deploy360/tls1-3/