I saw in various discussions that http is used, but also that traffic is encrypted. What is the protocol here exactly? Can https be used?
IMO you can use both .
The IPFS network itself doesnt use HTTP or HTTPS. Its only used in the communication between the ipfs gateway and the browser. A ipfs gateway can be your own computer (http://localhost:8080/ipfs/IPFSHASH) or an external server like https://gateway.ipfs.io/ipfs/IPFSHASH.
Besides, if you use IPFS on the browser, you’re not necessarily using HTTP. You can use js-ipfs that uses WebRTC, a protocol for p2p communication with native support on modern browsers (which is encrypted if I’m not mistaken).
But talking about HTTPS, it all depends on the gateway. The most used ones are served using HTTPS (ipfs.io, pinata, cloudflare,…) but you could create your own custom gateway that uses simple HTTP.
The IPFS protocol is not encrypted because by default all the content shared on the network is public. If you want to share sensitive data on IPFS, you could use a swarm key with the other consumers of the data. I don’t think public key cryptography is implemented natively on IPFS.