HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Sockets Layer (SSL) as a sublayer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, which is considered an adequate degree of encryption for commercial exchange.

Suppose you use a Netscape browser to visit a Web site to view its online catalog. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send" to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer.

Encryption:

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.

The different levels of encryption are:

Standard Encryption (56-bit) version

English High Encryption (128-bit) version

40-bit Standard Encryption

56-bit encryption is more secure than 40-bit encryption. The main difference is that 128-bit encryption provides a significantly greater amount of cryptographic protection than 40-bit encryption. With the increasing computing power of potential criminals, it is becoming more necessary to employ larger keys, as evidenced by a recent study by several leading cryptographers.

The SSL protocol supports the use of a variety of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys. Clients and servers may support different cipher suites, or sets of ciphers, depending on factors such as the version of SSL they support, company policies regarding acceptable encryption strength, and government restrictions on export of SSL-enabled software. Among its other functions, the SSL handshake protocol determines how the server and client negotiate which cipher suites they will use to authenticate each other, to transmit certificates, and to establish session keys.

The cipher suite descriptions that follow refer to these algorithms:

DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government.

DSA. Digital Signature Algorithm, part of the digital authentication standard used by the U.S. Government.

KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S. Government.

MD5. Message Digest algorithm developed by Rivest.

RC2 and RC4. Rivest encryption ciphers developed for RSA Data Security.

RSA. A public-key algorithm for both encryption and authentication. Developed by Rivest, Shamir, and Adleman.

RSA key exchange. A key-exchange algorithm for SSL based on the RSA algorithm.

SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government.

SKIPJACK. A classified symmetric-key algorithm implemented in FORTEZZA-compliant hardware used by the U.S. Government. (For more information, see FORTEZZA Cipher Suites.)

Triple-DES. DES applied three times.
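The negotiation described above, where client and server settle on a cipher suite subject to what each supports and to a policy on acceptable encryption strength, can be sketched as follows. This is an added example, not code from the original page or from Netscape. The suite names follow the SSL 3.0 naming scheme, while the client offers, the server list, the `min_bits` policy parameter and the first-match selection rule are assumptions constructed for illustration.

```python
# Added example: SSL-style cipher suite negotiation under a minimum-strength policy.
# Suite names follow the SSL 3.0 naming scheme; offers and policies are constructed.

# Nominal key sizes in bits for the bulk ciphers named on this page.
CIPHER_BITS = {"RC4_40": 40, "RC2_CBC_40": 40, "DES_CBC": 56,
               "RC4_128": 128, "3DES_EDE_CBC": 168}


def parse_suite(name):
    """Split e.g. SSL_RSA_EXPORT_WITH_RC4_40_MD5 into its component algorithms."""
    left, sep, right = name.partition("_WITH_")
    if not sep or not left.startswith("SSL_"):
        raise ValueError(f"not an SSL cipher suite name: {name}")
    kx = left[len("SSL_"):]
    export = kx.endswith("_EXPORT")
    if export:
        kx = kx[:-len("_EXPORT")]
    cipher, _, mac = right.rpartition("_")   # last token is the MAC algorithm
    if cipher not in CIPHER_BITS:
        raise ValueError(f"unknown bulk cipher in {name}: {cipher!r}")
    return {"name": name, "key_exchange": kx, "export": export,
            "cipher": cipher, "bits": CIPHER_BITS[cipher], "mac": mac}


def negotiate(client_offer, server_supported, min_bits=0):
    """Return the first client-preferred suite the server supports and policy allows.

    Returns None when no acceptable common suite exists (handshake failure).
    Assumption: the server honours the client's preference order.
    """
    supported = set(server_supported)
    for name in client_offer:
        if name in supported and parse_suite(name)["bits"] >= min_bits:
            return parse_suite(name)
    return None


# Constructed offers: a full-strength client and an export-restricted client.
STRONG_CLIENT = ["SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5",
                 "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5"]
EXPORT_CLIENT = ["SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                 "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"]
SERVER = ["SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_DES_CBC_SHA",
          "SSL_RSA_EXPORT_WITH_RC4_40_MD5"]

if __name__ == "__main__":
    for label, offer in (("strong", STRONG_CLIENT), ("export", EXPORT_CLIENT)):
        for policy in (0, 128):
            chosen = negotiate(offer, SERVER, min_bits=policy)
            print(label, f"min_bits={policy}:",
                  chosen["name"] if chosen else "handshake failure")
```

With no policy floor the export-restricted client is served at 40 bits; with a 128-bit floor the same client gets a handshake failure instead of a weak session.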

Additional information can be found at the W3C Security Web Site.