<Li> With mutual SSL / TLS, security is maximal, but on the client - side, there is no way to properly end the SSL / TLS connection and disconnect the user except by waiting for the server session to expire or closing all related client applications . </Li> <P> A sophisticated type of man - in - the - middle attack called SSL stripping was presented at the Blackhat Conference 2009 . This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link, taking advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP . The attacker then communicates in clear with the client . This prompted the development of a countermeasure in HTTP called HTTP Strict Transport Security . </P> <P> HTTPS has been shown vulnerable to a range of traffic analysis attacks . Traffic analysis attacks are a type of side - channel attack that relies on variations in the timing and size of traffic in order to infer properties about the encrypted traffic itself . Traffic analysis is possible because SSL / TLS encryption changes the contents of traffic, but has minimal impact on the size and timing of traffic . In May 2010, a research paper by researchers from Microsoft Research and Indiana University discovered that detailed sensitive user data can be inferred from side channels such as packet sizes . More specifically, the researchers found that an eavesdropper can infer the illnesses / medications / surgeries of the user, his / her family income and investment secrets, despite HTTPS protection in several high - profile, top - of - the - line web applications in healthcare, taxation, investment and web search . Although this work demonstrated vulnerability of HTTPS to traffic analysis, the approach presented by the authors required manual analysis and focused specifically on web applications protected by HTTPS . </P> <P> The fact that most modern websites, including Google, Yahoo!, and Amazon, use HTTPS causes problems for many users trying to access public Wi - Fi hot spots, because a Wi - Fi hot spot login page fails to load if the user tries to open an HTTPS resource . Several websites, such as nonhttps.com or nothttps.com, guarantee that they will always remain accessible by HTTP . </P>

The s in https stands for secure. that means these sites use a protocol for secure communication