Secure-HTTP (designated as ‘https’ in the browser bar) is simply an extended version of HTTP that provides – you guessed it – security. Secure-HTTP is essentially SSL applied over HTTP – but it works differently in a few distinct ways.

• In a difference to SSL, a secure-HTTP is established to send a single message over the internet at a time, so secure-HTTP must establish a new connection each time it is used.
• Establishing a session entails the client and server having compatible cryposystems and an agreeing configuration.
  • The client can then send the serer its own public key so that the server can create a session key. The client’s public key is then used to encrypt the server’s session key. Both the client and server now having identical session keys, the transmission begins.
• Secure-HTTP support is built into modern browser for nearly universal use. Examples of use are email, banking, shopping, etc.

(Information gathered from “Principles of Information Security”, Whitman/Mattord, pg 382-383)