Before diving into details of cryptography, it is appropriate to first step back for a view of computer security in general. "Security is a process, not a product" (Bruce Schneier in Secrets and Lies, Wiley Computer Publishing, 2000) and while HTTPS can be a useful component of that process it is dangerous to think that it provides security in and of itself. It is also important to understand the "threat model" as it applies to your intended application: what are you protecting?; from whom?; what resources do they have available?; how much are you willing to pay? Given that you are interested in HTTPS, it is reasonable to assume that you are considering handling some sort of sensitive data via a web server. So consider:
TLS only protects the data during transmission. What happens to the data once it is received?
... or even before it is sent?
Is the computer running your webserver itself secure from outside attack? Is it up-to-date on patches? What else does it do?
Is your webserver (and any computers to which it passes information) physically secure? Are staff who have legitimate access to it trustworthy? Can the cleaners read data from the server before anyone arrives in the mornings? Etc., etc.
Remember too that there may be legal requirements if you process some forms of data. If you process data that relates to identifiable living human beings then the provisions of the Data Protection Act 1998 will apply to that processing. If you are responsible for encrypted data then the Regulation of Investigatory Powers Act 2000 may apply and could require you to decrypt data under some circumstances, or even to hand over your encryption keys.