How HTTPS and TLS Work: The Encryption Behind Secure Communication

What Is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is a protocol that adds TLS (Transport Layer Security) encryption to HTTP. When a website's URL begins with "https://", all communication between your browser and the server is encrypted.

HTTPS is the standard for the modern web. Google treats HTTPS adoption as a ranking factor in search results, and major browsers now display a "Not Secure" warning for sites served over plain HTTP.

How TLS Works

TLS (Transport Layer Security) is a protocol designed to encrypt communications. Its predecessor was called SSL (Secure Sockets Layer); the successor standard, TLS, is what is used today.

The TLS Handshake

When an HTTPS connection is established, a process called the "TLS handshake" takes place between the browser and the server.

  1. The browser requests a connection and sends a list of supported TLS versions and cipher suites
  2. The server selects a TLS version and cipher suite, then sends its SSL/TLS certificate
  3. The browser verifies the certificate's validity (CA signature, expiration date, domain name match)
  4. A shared encryption key (session key) is securely generated through a key exchange algorithm
  5. All subsequent communication is encrypted using the session key

This process typically completes in just a few tens of milliseconds, so users rarely notice it happening.

TLS Versions

TLS 1.3 (Recommended)

The latest version, finalized in 2018. The handshake has been reduced to a single round trip (1-RTT), improving connection speed. Weak cipher suites have been removed, and forward secrecy is now mandatory.

TLS 1.2

Finalized in 2008 and still widely used today. It provides adequate security when configured with appropriate cipher suites, though improper configuration can leave room for weaker ciphers.

TLS 1.0 / 1.1 (Deprecated)

These versions have known vulnerabilities, and support has been dropped by all major browsers. Servers that only support these versions can no longer be reached from those browsers.

The Connection Protocol section on Kakunin-san lets you check the TLS version and cipher suite used in your current connection.

The Role of SSL/TLS Certificates

An SSL/TLS certificate is a digital certificate that verifies a website's identity. Issued by a Certificate Authority (CA), it contains the following information:

  • Domain name
  • Certificate owner information
  • CA signature
  • Public key
  • Expiration date

Types of Certificates

  • DV (Domain Validation) certificate: Verifies domain ownership only. Available for free from providers like Let's Encrypt
  • OV (Organization Validation) certificate: Also verifies the organization's existence. Suited for business websites
  • EV (Extended Validation) certificate: Issued after the most rigorous vetting process. Used by financial institutions and similar organizations

What Is a Cipher Suite?

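A cipher suite is a combination of cryptographic algorithms used in a TLS connection. It consists of four components: key exchange, authentication, encryption, and hashing.

For example, TLS_AES_256_GCM_SHA384 means encryption with AES-256-GCM and hashing with SHA-384. This is a TLS 1.3 suite name, which lists only the encryption and hash algorithms; in TLS 1.3 the key exchange and authentication algorithms are negotiated separately during the handshake. TLS 1.2 suite names, such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, spell out all four components.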

On Kakunin-san, you can check the cipher suite used in your current connection in the Connection Protocol section.
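The naming scheme described above can be checked mechanically. The following is an added example, not code from the original page: a small Python parser that splits an IANA cipher suite name into its components and flags whether the suite offers forward secrecy and authenticated encryption. The function name and the field names in the result are assumptions made for this illustration.

```python
# Added example, not code from the page. Field names are this example's own.
FORWARD_SECRET_KX = {"ECDHE", "DHE"}        # ephemeral Diffie-Hellman key exchanges
AEAD_TOKENS = {"GCM", "CCM", "POLY1305"}    # authenticated-encryption modes


def parse_cipher_suite(name):
    """Split an IANA cipher suite name into the components the page lists."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS cipher suite name: {name!r}")
    body = name[len("TLS_"):]

    if "_WITH_" in body:
        # TLS 1.2 and earlier: TLS_<key exchange>_<auth>_WITH_<cipher>_<hash>
        left, right = body.split("_WITH_", 1)
        kx, _, auth = left.partition("_")
        auth = auth or kx    # e.g. TLS_RSA_WITH_...: RSA does both jobs
        forward_secret = kx in FORWARD_SECRET_KX
        naming = "TLS 1.2 and earlier"
    else:
        # TLS 1.3: TLS_<cipher>_<hash>. Key exchange and authentication are
        # negotiated elsewhere in the handshake, so the name omits them.
        right = body
        kx = auth = "negotiated separately"
        forward_secret = True    # as the page notes, mandatory in TLS 1.3
        naming = "TLS 1.3"

    cipher, _, hash_alg = right.rpartition("_")
    if not hash_alg.startswith(("SHA", "MD5")):
        # Some TLS 1.2 CCM suites name no hash, e.g. ..._WITH_AES_128_CCM
        cipher, hash_alg = right, None
    return {
        "naming": naming, "key_exchange": kx, "authentication": auth,
        "cipher": cipher, "hash": hash_alg,
        "forward_secret": forward_secret,
        "aead": bool(AEAD_TOKENS & set(cipher.split("_"))),
    }


if __name__ == "__main__":
    # Constructed sample input: three standard IANA suite names.
    for suite in ("TLS_AES_256_GCM_SHA384",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_128_CBC_SHA"):
        print(suite, parse_cipher_suite(suite))
```

A suite such as TLS_RSA_WITH_AES_128_CBC_SHA comes back with neither forward secrecy nor authenticated encryption, which is the kind of weaker cipher a misconfigured TLS 1.2 server can still negotiate.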

ALPN and HTTP/2 · HTTP/3

ALPN (Application-Layer Protocol Negotiation) is a mechanism for negotiating the application-layer protocol (HTTP/1.1, HTTP/2, HTTP/3, etc.) during the TLS handshake.

HTTP/2 runs over TLS and dramatically improves communication efficiency through multiplexing and header compression. HTTP/3 runs over the QUIC protocol, delivering even faster speeds and more stable connections.

On Kakunin-san, you can also check the ALPN negotiation result and HTTP version.

How to Verify a Secure Connection

  • Confirm that a padlock icon appears in your browser's address bar
  • Verify that the URL begins with "https://"
  • Check the HTTPS/TLS connection rating on Kakunin-san's Security Score
  • Confirm that TLS 1.2 or higher is being used

Verifying your HTTPS connection is especially important when using public Wi-Fi.