We begin with a quick review of the HTTPS protocol, as covered in Chapter 9, Loading Secure Web Pages with HTTPS and OpenSSL. However, we do recommend that you work through that chapter before beginning this one.
HTTPS uses TLS to add security to HTTP. You will recall from Chapter 6, Building a Simple Web Client, and Chapter 7, Building a Simple Web Server, that HTTP is a text-based protocol that works over TCP on port 80. The TLS protocol can be used to add security to any TCP-based protocol, and HTTPS is the case where TLS secures HTTP. So in a nutshell, HTTPS is simply HTTP with TLS. The default HTTPS port is 443.
OpenSSL is a popular open source library that provides functionality for TLS/SSL and HTTPS. We use it in this book to provide the methods needed to implement HTTPS clients and servers.
Generally, HTTPS connections are first made using TCP sockets. Once the TCP connection is established, OpenSSL is used to negotiate a TLS connection over the open TCP connection. From that point forward, OpenSSL functions are used to send and receive data over the TLS connection.
An important part of communication security is being able to trust that the connection is to the intended party. No amount of data encryption helps if you have connected to an impostor. TLS uses certificates to protect against connecting to impostors and against man-in-the-middle attacks.
We now need to understand certificates in more detail before we can proceed with our HTTPS server.