7.2. HTTPS

HTTPS is not a single protocol; rather, it is HTTP carried over an SSL transport. The properties of both HTTP and SSL are therefore embodied in HTTPS. By including SSL, you gain the following three benefits: encryption, identification of parties, and session state.

SSL provides encryption using any one of a number of protocols. When SSL establishes a connection, it first negotiates which protocol to use. The result should be the strongest encryption algorithm that both ends support. Of course, if one end supports only a weak encryption algorithm, then the resulting connection will be relatively insecure. For systems where the strength of encryption is important, you should validate that the algorithm chosen is acceptable. ...
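One way to validate the negotiated algorithm on the client side with Java's JSSE API, as an added example that is not from the book. The weak-suite markers, the allowed protocol versions, and the class and method names are assumptions chosen for illustration; substitute your own policy.

```java
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

public class NegotiatedCipherCheck {
    // Assumed policy: substrings of JSSE cipher suite names that mark a weak choice.
    static final String[] WEAK_MARKERS =
        {"_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5"};
    // Assumed policy: protocol versions this application accepts.
    static final List<String> ALLOWED_PROTOCOLS = Arrays.asList("TLSv1.2", "TLSv1.3");

    /** Returns null when the negotiated parameters are acceptable, else the reason. */
    static String rejectReason(String protocol, String cipherSuite) {
        if (!ALLOWED_PROTOCOLS.contains(protocol)) return "protocol " + protocol;
        for (String marker : WEAK_MARKERS) {
            if (cipherSuite.contains(marker)) return "suite matches " + marker;
        }
        return null;
    }

    /** Completes the handshake, then refuses the connection if negotiation ended weak. */
    static SSLSocket connectChecked(String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
        try {
            socket.startHandshake();               // negotiation happens here
            SSLSession s = socket.getSession();    // what both ends actually agreed on
            String reason = rejectReason(s.getProtocol(), s.getCipherSuite());
            if (reason != null) throw new IOException("Rejected: " + reason);
            return socket;                         // safe to send application data
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) {
        // Constructed samples of (protocol, cipher suite) results; no network needed.
        String[][] samples = {
            {"TLSv1.3", "TLS_AES_128_GCM_SHA256"},
            {"TLSv1.2", "SSL_RSA_WITH_RC4_128_MD5"},
            {"SSLv3",   "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
        };
        for (String[] s : samples) {
            String reason = rejectReason(s[0], s[1]);
            System.out.println(s[0] + " " + s[1] + " -> " + (reason == null ? "accept" : "reject: " + reason));
        }
    }
}
```

The check runs after `startHandshake()` and before any application data is written, so a peer that supports only weak algorithms is refused rather than silently accepted.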
