I had a problem with accepting invalid SSL certificate in my iPhone program. That problem is solved now, however I came to understanding that I have very abstract idea on how exactly the whole thing is working:
and many other questions... Would someone please recommend good source of information with in-depth enough description of how all parts click together?
SSL is a secure protocol that provides safer conversations between two or more parties across the internet. It works on top of the HTTP to provide security. In terms of security, SSL is more secure than HTTPS.
The answer is a definite no. The HTTPS or a SSL certificate alone is not a guarantee that the website is secure and can be trusted. Many people believe that a SSL Certificate means a website is safe to use.
HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP.
HTTPS is a lot more secure than HTTP! If a site uses accounts, or publishes material that people might prefer to read in private, the site should be protected with HTTPS. Unfortunately, is still feasible for some attackers to break HTTPS.
Plenty of detail here: The First Few Milliseconds of an https Connection
And the definitive book on the subject: SSL and TLS: Designing and Building Secure Systems
Check the articles here, specifically "Introduction to SSL" and "Building user authentication systems for client-server environments."
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With