SSL Secure connection

Tours of Rome uses a Secure Sockets Layer (SSL)
The protocol is referred to as  HTTP over SSL.
The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication. In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.

HTTPS connections are primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems. Since 2018, HTTPS is used primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private.

Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software. Certificate authorities are in this way being trusted by web browser creators to provide valid certificates. Therefore, a user should trust an HTTPS connection to a website if and only if all of the following are true:

  • The user trusts that the browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
  • The user trusts the certificate authority to vouch only for legitimate websites.
  • The website provides a valid certificate, which means it was signed by a trusted authority.
  • The certificate correctly identifies the website
  • The user trusts that the protocol’s encryption layer (SSL/TLS) is sufficiently secure against eavesdroppers.