Skip to Content
Navigation:

A stick figure smiling

Here's a preview from my zine, HTTP: Learn Your Browser's Language! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!

get the zine!
Image of a comic. To read the full HTML alt text, click "read the transcript". get the zine!
read the transcript!

HTTPS: HTTP + secure

Here’s what your browser does when it asks for https://examplecat.com/cat.png:

  1. Negotiate an encryption key (AES symmetric key) to use for this connection to examplecat.com. The browser and server will use the same key to encrypt/decrypt content.

Simplified version of how picking the encryption key works:

browser, represented by the Firefox logo: hey I want examplecat.com
server, represented by a box with a smiley face: here’s proof that I’m examplecat.com
browser, thinking: story checks out!
browser: key exchange
server: key exchange browser and server, thinking: we’re going to use A$29FXY2…. as the encryption key

This protocol for secure communication is called TLS (previously SSL) and you can use it on any TCP connection

  1. Write an HTTP request
GET /cat.png HTTP/1.1
Host: examplecat.com
User-Agent: Mozilla/...
  1. Encrypt the HTTP request With AES & send if to examplecat.com

browser: $Af9bbca^~gggBF
server, thinking: ah, I see,

GET /cat.png HTTP/1.1
Host: examplecat.com
...
  1. Receive encrypted HTTP response

server: BXF^56□gxx…
browser: nice, that means

200 OK
Content-Type: image/png
...