How does HTTPS work in the browser

This is a short note on how HTTPS communication works.

In HTTP, data is transferred in clear text, which makes it unsuitable for sending sensitive data over a network and leaves it vulnerable to a 'man in the middle' attack. HTTPS solves these problems by sending data over a secure channel, using encryption to prevent sniffing and authentication to prevent spoofing.

We will try to cover the following points:
  1. What is HTTPS
  2. Difference between HTTP and HTTPS
  3. HTTPS request flow

What is HTTPS
HTTPS is Hypertext Transfer Protocol over SSL (Secure Sockets Layer). It is generally called HTTP over SSL or HTTP Secure. HTTPS encrypts and decrypts the pages (data) exchanged between the web server and the web browser.

It is generally used where authentication is required or where sensitive data such as credit card details or passwords needs to be exchanged.

Difference between HTTP and HTTPS
The default port for HTTP is 80; for HTTPS it is 443. HTTPS works by transmitting normal HTTP data through an encrypted channel.

HTTPS request flow

There are two parties involved in HTTPS communication:

1. Server: it could be a web server or an application server. In our use case, it hosts the applications and mandates the use of HTTPS.
2. Client browser: the machine that requests a resource (page). The resource is typically requested in a browser such as IE, Firefox or Chrome.

This is how the request flow works:
[Figure: How HTTPS works]

This way, the handshake is completed and a shared key is exchanged between client and server.
For any further communication between client and server, this shared secret, called the session key, is used.

When subsequent requests are made to the server, the server encrypts the data using the session key and sends it to the client. The client decrypts the data using the session key.



Good-to-know answers:

Why use a session key when communication could happen with the public and private keys?
PKI communication is CPU intensive, so instead of using it for the entire communication, it is only used to generate a session key. Further communication between server and client happens using the symmetric key.

Difference between HTTPS and SSL?

SSL is a cryptographic protocol for secure communication. It can be used for HTTP, FTP, SMTP, etc.

HTTPS: the HTTP protocol is used to request and receive the data. It uses SSL for secure communication of HTTP.

PreMaster Key: the client sends the premaster secret encrypted with the server's public key.

Session Key: randomness and the premaster key are used to create the session keys.


Why do SSL certificates exist:

Encryption and Identification.


What is SSLeay:
SSLeay is the original TLS/SSL implementation library developed by Eric Young.