When examining http://example.com:443 and https://example.com:80, we're dealing with protocol-port combinations that violate standard conventions:
// Standard port assignments
const STANDARD_PORTS = {
http: 80,
https: 443,
ftp: 21,
ssh: 22
};
Case 1: HTTP on port 443
- Attempts to establish unencrypted connection on TLS port
- Most servers will reject or redirect this request
- Example server configuration in Nginx:
server {
listen 443;
server_name example.com;
return 301 https://$host$request_uri; # Force HTTPS
}
Case 2: HTTPS on port 80
- Tries to establish TLS connection on HTTP port
- Will typically fail unless server is specifically configured
- Example curl command that would fail:
curl --verbose https://example.com:80
# Expect error: "Failed TLS handshake"
Neither configuration is theoretically secure:
| Scenario | Encryption | Port Standard | Vulnerability |
|---|---|---|---|
| HTTP:443 | None | Non-standard | Potential cleartext on TLS port |
| HTTPS:80 | Attempted | Non-standard | Likely connection failure |
When implementing web services:
// Proper HTTPS implementation in Node.js
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert'),
port: 443 // Standard HTTPS port
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end('Secure connection established');
}).listen(options.port);
- Always use standard port assignments
- Implement HSTS headers for HTTPS enforcement
- Configure server to redirect HTTP to HTTPS
- Use port 443 exclusively for HTTPS traffic
# Apache configuration for proper HTTPS
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
# SSL certificate configurations...
</VirtualHost>
When troubleshooting, use these tools:
# Check port responses with openssl
openssl s_client -connect example.com:443 -showcerts
# Test HTTP response on any port
curl -v http://example.com:80
# Verify certificate validity
openssl x509 -in certificate.crt -text -noout
When examining http://example.com:443 versus https://example.com:80, we're dealing with protocol-port combinations that violate standard conventions. The HTTP specification (RFC 2616) and HTTPS (RFC 2818) establish default ports:
// Standard port assignments HTTP → Port 80 (cleartext) HTTPS → Port 443 (encrypted)
Modern web servers handle these mismatches differently:
- Case 1: HTTP on 443
$ curl -v http://example.com:443 * Trying 93.184.216.34:443... * Connected to example.com (93.184.216.34) port 443 (#0) > GET / HTTP/1.1 > Host: example.com:443 > < HTTP/1.1 400 Bad Request < Server: Varnish
Most servers reject plain HTTP on port 443
- Case 2: HTTPS on 80
$ curl -v https://example.com:80 * Trying 93.184.216.34:80... * Connected to example.com (93.184.216.34) port 80 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): ... * SSL certificate verify ok. > GET / HTTP/1.1 > Host: example.com:80 > < HTTP/1.1 200 OK
Many servers support HTTPS on port 80 as fallback
The theoretical security comparison:
| Scenario | Encryption | Vulnerability |
|---|---|---|
| HTTP:443 | None | MITM attacks, cleartext credentials |
| HTTPS:80 | TLS 1.2+/SSL | Potential downgrade attacks |
How different web servers handle these cases:
Nginx Configuration
server {
listen 80 ssl; # HTTPS on port 80
listen 443; # HTTP on port 443
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
}
Apache Configuration
<VirtualHost *:80>
SSLEngine on
SSLCertificateFile "/path/to/cert.pem"
SSLCertificateKeyFile "/path/to/key.pem"
</VirtualHost>
<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>
- Always use HTTPS on standard port 443
- Redirect HTTP to HTTPS (HSTS implementation)
- Use port 80 only for redirection purposes
- Test configurations with OpenSSL:
openssl s_client -connect example.com:80 -tls1_2
Example Node.js server with proper protocol handling:
const https = require('https');
const http = require('http');
const fs = require('fs');
// HTTPS server on port 443
https.createServer({
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert')
}, (req, res) => {
res.writeHead(200);
res.end('Secure connection\n');
}).listen(443);
// HTTP server on port 80 redirects to HTTPS
http.createServer((req, res) => {
res.writeHead(301, {
'Location': https://${req.headers.host}${req.url}
});
res.end();
}).listen(80);
For maximum security, consider implementing Certificate Transparency and OCSP stapling in your configurations.