HTTPS is the secure version of the web’s basic transfer protocol. It is ordinary HTTP carried over an encrypted channel, so that data passing between a browser and a server cannot be read or tampered with along the way. The encryption layer it relies on is called TLS, the Transport Layer Security protocol.
TLS descends from SSL (Secure Sockets Layer), which Netscape created in the mid-1990s to protect early online commerce in its browser. The Internet Engineering Task Force took that work and standardized it as an open protocol. RFC 2246, “The TLS Protocol Version 1.0,” published in January 1999, states that it “specifies Version 1.0 of the Transport Layer Security (TLS) protocol,” establishing the vendor-neutral successor to SSL.
A companion document defined how to combine TLS with the web specifically. RFC 2818, “HTTP Over TLS,” published in May 2000, “describes how to use TLS to secure HTTP connections over the Internet.” This is the specification that gives the “https” web address scheme its meaning.
Together these standards turned encryption from a single browser maker’s feature into a shared internet protocol. Today HTTPS is the default for nearly all web traffic, securing logins, payments, and everyday browsing.