When I talked about HTTPS before, my concept was that it was more secure and required the server to be configured with a certificate, but there was no concrete idea in my head of what exactly HTTPS was, why it was more secure, and how the whole process was implemented. So, I spent a few days learning the implementation of the whole set of HTTPS mechanisms by referring to some articles, and wanted to summarize what I learned in an article so that more students who were previously unsure of what HTTPS actually is would have an introductory understanding.
Many of the articles I've read explain it through a lot of text and protocol diagrams, but that tends to get a bit boring. In this article I'll illustrate the evolution from HTTP to HTTPS graphically through a flowchart so that you can understand it a bit more easily. Of course, this is just the introductory level. If you want to learn more in-depth knowledge of HTTPS, you still have to dive into one protocol after another and read some big parts to achieve full understanding.
This article will also be synced to my personal website.
What does HTTP look like?
HTTP is an application-layer protocol built on TCP/IP. It only specifies the content to be transmitted, along with header information; the message is then carried over TCP, which relies on IP for addressing, as depicted by the simplest diagram.
The client makes the request and the server responds. It's that simple. Nothing is encrypted at any point in the process, so it is insecure: a man-in-the-middle can intercept and read both the request and the response, causing a data breach.
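To make the clear-text point concrete, here is an added example (not part of the original article) in which a client posts a login form through a forwarding hop that keeps a copy of everything it relays. The socket pairs standing in for the two TCP connections, the `/login` path, the host name, and the credentials are all constructed for illustration.

```python
import socket
import threading

def recv_all(sock):
    """Read until the peer closes its sending side."""
    chunks = []
    while chunk := sock.recv(4096):
        chunks.append(chunk)
    return b"".join(chunks)

def origin_server(conn):
    """Minimal HTTP server side: read the request, answer in clear text."""
    with conn:
        recv_all(conn)
        body = b"balance=1200"  # constructed response body
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                     b"Connection: close\r\n\r\n%s" % (len(body), body))

def relay(down, up, seen):
    """Stand-in for any hop on the path: forwards bytes unchanged, keeps a copy."""
    with down, up:
        request = recv_all(down)
        up.sendall(request)
        up.shutdown(socket.SHUT_WR)
        response = recv_all(up)
        seen.update(request=request, response=response)
        down.sendall(response)

def run_demo():
    # Stream socket pairs stand in for the two TCP connections (assumption).
    client, hop_down = socket.socketpair()
    hop_up, server = socket.socketpair()
    seen = {}
    threads = [threading.Thread(target=origin_server, args=(server,)),
               threading.Thread(target=relay, args=(hop_down, hop_up, seen))]
    for t in threads:
        t.start()
    form = b"user=alice&password=example-secret"  # constructed credentials
    with client:
        client.sendall(b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                       b"Content-Type: application/x-www-form-urlencoded\r\n"
                       b"Content-Length: %d\r\nConnection: close\r\n\r\n%s"
                       % (len(form), form))
        client.shutdown(socket.SHUT_WR)
        reply = recv_all(client)
    for t in threads:
        t.join()
    return seen, reply

if __name__ == "__main__":
    seen, reply = run_demo()
    print(seen["request"].decode())
    print(seen["response"].decode())
```

The hop does nothing beyond forwarding, yet its copy contains the headers, the form fields, and the server's answer exactly as the endpoints sent them.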
How about a cipher?
Since the data in the above figure is transmitted in clear text, the simplest way we can think of to improve security is to encrypt the data before transmission, as follows.