SSL Secure connection

Tours of Rome uses a Secure Sockets Layer (SSL)
The protocol is referred to asĀ  HTTP over SSL.
The principal motivation for HTTPS isĀ authenticationĀ of the accessedĀ websiteĀ and protection of theĀ privacyĀ andĀ integrityĀ of the exchanged data while in transit. It protects againstĀ man-in-the-middle attacks. The bidirectionalĀ encryptionĀ of communications between a client and server protects againstĀ eavesdroppingĀ andĀ tamperingĀ of the communication.Ā In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.

HTTPS connections are primarily used for payment transactions on theĀ World Wide Web, e-mail and for sensitive transactions in corporate information systems. Since 2018,Ā HTTPS is used primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private.

Web browsers know how to trust HTTPS websites based onĀ certificate authoritiesĀ that come pre-installed in their software. Certificate authorities are in this way being trusted by web browser creators to provide valid certificates. Therefore, a user should trust an HTTPS connection to a websiteĀ if and only ifĀ all of the following are true:

  • The user trusts that the browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
  • The user trusts the certificate authority to vouch only for legitimate websites.
  • The website provides a valid certificate, which means it was signed by a trusted authority.
  • The certificate correctly identifies the website
  • The user trusts that the protocol’s encryption layer (SSL/TLS) is sufficiently secure against eavesdroppers.