Pricing

Mediocre Engineer's Crash Course: HTTPS Essentials

BY Mark Howell 1 years ago4 MINS READ
article cover

Today in Edworking News we want to talk about Mediocre Engineer’s guide to HTTPS
As a mediocre engineer, I took Internet and HTTPS communication for granted and never dove any deeper. Today we’re improving as engineers and learning a rough overview of how internet communication works, specifically focusing on HTTP and TLS. The Internet is a worldwide network of interconnected computer networks. The term "Internet" literally means "between networks." It operates as a packet-switched mesh network with best-effort delivery, meaning there are no guarantees on whether a packet will be delivered or how long it will take.
The reason why the internet appears to operate so smoothly (at least from a technical perspective) is the layers of abstraction that handle retries, ordering, deduplication, security and so many other things behind the scenes. Letting us developers just focus on the application layer (aka. Writing HTTP requests from San Francisco for $300K/year). Each layer provides certain functionalities, which can be fulfilled by different protocols. Such modularization makes it possible to replace the protocol on one layer without affecting the protocols on the other layers.

Lifecycle of a HTTP Request

Sender Makes a Request:
The process begins at the Application layer, where the client (usually a web browser) constructs an HTTP request. HTTP is a text-based protocol, meaning that all this data is sent as plain text over the wire.
DNS Lookup:
The Domain Name System (DNS) translates the human-readable domain name (e.g., www.example.com) into an IP address like 93.184.216.34. This process involves multiple DNS servers, from recursive resolvers to authoritative servers.
TCP Handshake:
Upon obtaining the IP address, the client initiates a TCP connection with the server, usually on port 80, through a three-way handshake.
Transmit HTTP Request:
With the TCP connection established, the client sends the actual HTTP request. This request includes headers and, potentially, a message body, all sent as plain text.
Packets routed across Internet to Server:
When a client sends a request, data packets traverse through various network devices like routers to determine the optimal path to the server.

Description: The layers of HTTP communication from Application to Transport.
Server Response:
After receiving the HTTP request, the server processes it and sends an HTTP response back to the client. The browser then interprets the HTML and renders the content on the screen.

Security Considerations and HTTPS

HTTPS = HTTP + Encryption:
HTTP by itself is not secure. HTTPS uses Transport Layer Security (TLS) to ensure that the client's and server's communication is encrypted and verified. This protects data from being intercepted and prevents phishing.
TLS Handshake:
The TLS handshake allows the client and server to agree on the algorithms for verifying, compressing, and encrypting messages. It involves exchanging random seeds and the server's SSL certificate to generate a symmetric key.
Modern TLS - TLS 1.3:
The newer versions like **TLS 1.3** streamline the handshake process. They eliminate vulnerable cipher suites like RSA and use more secure, efficient mechanisms.
Edworking is the best and smartest decision for SMEs and startups to be more productive. Edworking is a FREE superapp of productivity that includes all you need for work powered by AI in the same superapp, connecting Task Management, Docs, Chat, Videocall, and File Management. Save money today by not paying for Slack, Trello, Dropbox, Zoom, and Notion.

Remember these 3 key ideas for your startup:

  1. Emphasize Secure Communication: Implementing HTTPS/TLS on your website ensures that your customer data is encrypted and protected from interception. This fosters trust and confidence among your users.

  2. Streamline Infrastructure: Understand the different layers and how they work to create a resilient and scalable infrastructure. This offers better performance and reliability, essential for customer satisfaction.

  3. Stay Updated with Protocols: Keep your web services updated with the latest security protocols like TLS 1.3. Implementing the latest standards ensures your security measures are efficient, reducing vulnerabilities.
    By mastering these concepts, your SME can not only improve the user experience but also enhance security and performance significantly.
    For more details, see the original source.

article cover
About the Author: Mark Howell Linkedin

Mark Howell is a talented content writer for Edworking's blog, consistently producing high-quality articles on a daily basis. As a Sales Representative, he brings a unique perspective to his writing, providing valuable insights and actionable advice for readers in the education industry. With a keen eye for detail and a passion for sharing knowledge, Mark is an indispensable member of the Edworking team. His expertise in task management ensures that he is always on top of his assignments and meets strict deadlines. Furthermore, Mark's skills in project management enable him to collaborate effectively with colleagues, contributing to the team's overall success and growth. As a reliable and diligent professional, Mark Howell continues to elevate Edworking's blog and brand with his well-researched and engaging content.

Trendy NewsSee All Articles
CoverEdit PDFs Securely & Freely: Breeze PDF In-Browser SolutionBreeze PDF is a free, offline browser-based PDF editor ensuring privacy. It offers text, image, and signature additions, form fields, merging, page deletion, and password protection without uploads.
BY Mark Howell 2 mo ago
CoverDecoding R1: The Future of AI Reasoning ModelsR1 is an affordable, open-source AI model emphasizing reasoning, enabling innovation and efficiency, while influencing AI advancements and geopolitical dynamics.
BY Mark Howell 26 January 2025
CoverSteam Brick: A Minimalist Gaming Console Redefines PortabilitySteam Brick: A modified, screenless Steam Deck for travel, focusing on portability by using external displays and inputs. A creative yet impractical DIY project with potential risks.
BY Mark Howell 26 January 2025
CoverVisual Prompt Injections: Essential Guide for StartupsThe Beginner's Guide to Visual Prompt Injections explores vulnerabilities in AI models like GPT-4V, highlighting security risks for startups and offering strategies to mitigate potential data compromises.
BY Mark Howell 13 November 2024
CoverGraph-Based AI: Pioneering Future Innovation PathwaysGraph-based AI, developed by MIT's Markus J. Buehler, bridges unrelated fields, revealing shared complexity patterns, accelerating innovation by uncovering novel ideas and designs, fostering unprecedented growth opportunities.
BY Mark Howell 13 November 2024
CoverRevolutionary Image Protection: Watermark Anything with Localized MessagesWatermark Anything enables embedding multiple localized watermarks in images, balancing imperceptibility and robustness. It uses Python, PyTorch, and CUDA, with COCO dataset, under CC-BY-NC license.
BY Mark Howell 13 November 2024
CoverJungle Music's Role in Shaping 90s Video Game SoundtracksJungle music in the 90s revolutionized video game soundtracks, enhancing fast-paced gameplay on PlayStation and Nintendo 64, and fostering a cultural revolution through its energetic beats and immersive experiences.
BY Mark Howell 13 November 2024
CoverMastering Probability-Generating Functions: A Guide for EntrepreneursProbability-generating functions (pgfs) are mathematical tools used in probability theory for data analysis, risk management, and predictive modeling, crucial for startups and SMEs in strategic decision-making.
BY Mark Howell 31 October 2024
Try EdworkingA new way to work from  anywhere, for everyone for Free!
Sign up Now