Back to Blog
6 min readProtocols & Networking

How HTTPS Works Internally

#HTTP#HTTPS#Web Security

HTTPS is not a separate protocol; it is simply HTTP layered on top of TLS.

The Stack

  1. IP: Routes packets from A to B.
  2. TCP: Ensures reliable delivery (SYN, SYN-ACK, ACK).
  3. TLS: Establishes a secure session.
  4. HTTP: Sends the actual request (GET /index.html).

The Connection Flow

  1. DNS Lookup: Browser resolves google.com to an IP.
  2. TCP Handshake: Browser connects to port 443.
  3. TLS Handshake: Browser and server agree on keys and verify identity.
  4. HTTP Request: Browser sends GET / inside the encrypted TLS tunnel.
  5. HTTP Response: Server sends HTML inside the tunnel.

Why Certificates Matter

Without a certificate signed by a trusted Certificate Authority (CA), you have encryption but no authentication. You could be talking securely to an attacker (Man-in-the-Middle).

Self-Signed Certs

This is why self-signed certificates trigger browser warnings. The browser trusts the encryption math, but it doesn't trust who is on the other end.