How does HTTPS provide security?

Question

I want to know how HTTPS is implemented. Whether the data is encrypted or path is encrypted (through which data is passed). I will be thankful if someone provides me impleme

Answer 1

I thought this was a really concise human readable explanation: http://robertheaton.com/2014/03/27/how-does-https-actually-work/

Here is my summarised version:

Concepts:

• Asymmetric cryptography algorithm – Public key encryption, private key decryption.
• Symmetric cryptography algorithm – Public key encryption and decryption.

Handshake:

1. Hello – Client send cryptography algorithm and the SSL version it supports.
2. Certificate Exchange – Server sends certificate to identify itself, and certificate public key.
3. Key Exchange – The client uses Certificate public key to encrypt a new client regenerated public key (using the agreed asymmetric cryptography algorithm from step 1) and sends it to the server. The server decrypts it using its private key (using asymmetric cryptography algorithm).
4. Data Exchange - This public key is now know by both client and server. It is used for subsequent requests/responses for both encryption and decryption on both client and server (symmetric cryptography algorithm)