Questions tagged [https]

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server.

Hypertext Transfer Protocol Secure (https) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.

Technically, it is not a protocol in itself; rather, it is the result of simply putting SSL/TLS between Hypertext Transfer Protocol (http) and tcp, thus adding the security capabilities of ssl/tls to standard http communications.

HTTP: HTTP | TCP | lower-layer-protocols
HTTPS: HTTP | TLS/SSL | TCP | lower-layer-protocols

HTTP uses the client/server computing model (client-server), where a client makes a request of a server for access to a file or to pass a message to a program that runs in the server computer. The server takes the requested action and returns a response.

See the tag ssl for more information on Transport Layer Security (tls) and its predecessor, Secure Sockets Layer (ssl).

Resources

Wikipedia HTTPS article

25003 questions

1870

votes

29 answers

How do we control web page caching, across all browsers?

Our investigations have shown us that not all browsers respect the HTTP cache directives in a uniform manner. For security reasons we do not want certain pages in our application to be cached, ever, by the web browser. This must work for at least…

http caching https http-headers cross-browser

asked Sep 08 '08 at 12:08

Edward Wilde

25,967
8
55
64

1663

votes

37 answers

Android 8: Cleartext HTTP traffic not permitted

I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8: 08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception:…

android http https

asked Aug 29 '17 at 13:48

david.s

16,880
3
13
11

1286

votes

14 answers

Are HTTPS URLs encrypted?

Are all URLs encrypted when using TLS/SSL (HTTPS) encryption? I would like to know because I want all URL data to be hidden when using TLS/SSL (HTTPS). If TLS/SSL gives you total URL encryption then I don't have to worry about hiding confidential…

ssl https httprequest

asked Jan 31 '09 at 21:15

Daniel Kivatinos

24,088
23
61
81

935

votes

19 answers

How can I make git accept a self signed certificate?

Using Git, is there a way to tell it to accept a self signed certificate? I am using an https server to host a git server but for now the certificate is self signed. When I try to create the repo there for the first time: git push origin master…

git version-control https self-signed

asked Jul 23 '12 at 23:00

Ian Vink

66,960
104
341
555

765

votes

9 answers

Are HTTPS headers encrypted?

When sending data over HTTPS, I know the content is encrypted, however I hear mixed answers about whether the headers are encrypted, or how much of the header is encrypted. How much of HTTPS headers are encrypted? Including GET/POST request URLs,…

security post encryption https get

asked Oct 09 '08 at 15:00

Dan Herbert

99,428
48
189
219

617

votes

10 answers

Enabling HTTPS on express.js

I'm trying to get HTTPS working on express.js for node, and I can't figure it out. This is my app.js code. var express = require('express'); var fs = require('fs'); var privateKey = fs.readFileSync('sslcert/server.key'); var certificate =…

node.js https express

asked Jul 31 '12 at 16:40

Alan

45,915
17
113
134

598

votes

36 answers

Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

Edit : I tried to format the question and accepted answer in more presentable way at my blog. Here is the original issue. I am getting this error: detailed message sun.security.validator.ValidatorException: PKIX path building…

java ssl https

asked Mar 08 '12 at 14:17

M Sach

33,416
76
221
314

547

votes

35 answers

Google Chrome redirecting localhost to https

When I debug a Visual Studio project using Chrome the browser tries to redirect to the https equivalent of my web address. I do not have SSL enabled in the web project and the start URL is the http URL. When I debug using FireFox or IE I do not…

google-chrome https localhost

asked Aug 13 '14 at 03:14

Brett Mathe

6,429
7
23
24

478

votes

14 answers

Is it valid to replace http:// with // in a In this case the site is HTTPS, but the site may also be just HTTP. (The JS file is on another domain.) I'm wondering if it's valid to…

html http https uri protocol-relative

asked Feb 15 '09 at 00:15

Darryl Hein

142,451
95
218
261

471

votes

11 answers

How do I disable the security certificate check in Python requests

I am using import requests requests.post(url='https://foo.example', data={'bar':'baz'}) but I get a request.exceptions.SSLError. The website has an expired certficate, but I am not sending sensitive data, so it doesn't matter to me. I would imagine…

python https python-requests

asked Mar 16 '13 at 05:38

Paul Draper

78,542
46
206
285

462

votes

7 answers

git clone with HTTPS or SSH remote?

git clone supports both HTTPS and SSH remote URLs. Which should I use? What are the advantages of each? GitHub's docs don't make a recommendation either way. I recall in 2013 GitHub used to recommend SSH (archive link). Why was that?

git github ssh https

asked Jun 14 '12 at 21:37

John Livermore

30,235
44
126
216

458

votes

4 answers

Are querystring parameters secure in HTTPS (HTTP + SSL)?

Do querystring parameters get encrypted in HTTPS when sent with a request?

security https http-get

asked Apr 13 '10 at 11:48

Deep

5,772
2
26
36

443

votes

7 answers

Is it possible to have SSL certificate for IP address, not domain name?

I want my site to use URLs like http://192.0.2.2/... and https://192.0.2.2/... for static content to avoid unnecessary cookies in request AND avoid additional DNS request. Is there any way to obtain SSL cert for this purpose?

https dns ip-address ssl-certificate

asked Jan 11 '10 at 17:37

Evgenyt

10,201
12
40
44

430

votes

22 answers

Trusting all certificates using HttpClient over HTTPS

Recently posted a question regarding the HttpClient over Https (found here). I've made some headway, but I've run into new issues. As with my last problem, I can't seem to find an example anywhere that works for me. Basically, I want my client to…

java ssl https certificate apache-httpclient-4.x

asked Apr 15 '10 at 04:41

harrisonlee

5,068
4
21
20

428

votes

9 answers

Is a HTTPS query string secure?

I am creating a secure web based API that uses HTTPS; however, if I allow the users to configure it (include sending password) using a query string will this also be secure or should I force it to be done via a POST?

ssl https query-string

asked Nov 27 '08 at 08:18

John

29,788
18
89
130

2 3

…

99 100 Next