When do you use https:// and when do you use ssl://?

The https:// prefix is for secure web sites, with a default port of 443, and indicates that the browser or other user-agent should try and connect with SSL and then talk HTTP.

I've never seen an ssl:// URI - where did that come from?

The W3C has a list of common schemes; IANA has a list of the officially-defined schemes.

(Edit: apparently it's only used in PHP as a socket transport in the Internet domain)


I only know ssl:// when used in PHP Scripts (fsockopen as a way to open a SSL connection to a given host/port, but that does not imply any protocol), so in 99.99% of all cases I would use https://

hostname
If you have compiled in OpenSSL support, you may prefix the hostname with either ssl:// or tls:// to use an SSL or TLS client connection over TCP/IP to connect to the remote host.


https://somewebsite tells the browser that you want to connect to somewebsite over a secure channel on the (usually default) port of 443 (as opposed to 80 for http).

SSL is the cryptographic protocol that provides this security, which combined with public key infrastructure and a trusted certificate authority (someone who tells your browser who to trust) is how https achieves a secure connection using the HTTP protocol.

So to answer your question, https is what you'd use in the browser URL, but SSL is part of the underlying story.

helpful?


Erm, I've never used ssl://. SSL is a transport option. It doesn't specify what protocol to talk or what port. My guess is that you'd only use it when you wanted to open a connection to a SSL port, much in the same way you'd open a telnet connection to a port. You'd have to specify the port in the URL. Any program connecting to that URL will have to make assumptions about the protocol it wanted to talk.

HTTPS:// is HTTP over SSL/TLS and implies that you'd connect to port 443 (although you can specify another port) and that the program should talk HTTP down the connection.