In our guide to HTTPS, we explained how the protocol uses port 443, which is encrypted via SSL/TLS Certificates. This is an upgrade from the unencrypted port 80, which is the default port used for HTTP traffic.
In short, the encrypted port 443 adds the “Secure” in Hypertext Transfer Protocol Secure (HTTPS), which is the protocol all websites are now expected to have. Without it, websites are flagged as unsecured, and all popular browsers strongly warn users not to connect.
In this article, we’ll explore this aspect of the SSL/TLS ecosystem more closely, explaining what port 443 is, how it differs from port 80, and how it interacts with SSL/TLS certificates to enable secure browsing online.
What Are Port Numbers and How Do They Work?
Whenever your device communicates with a server (such as when you visit a website or send an email), two main components are involved: the IP address and the port number.
Let’s say you’re visiting a friend at their apartment for the weekend. You can think of the IP address as the street address of the apartment, while the port number is their specific unit number.
So, while the IP address identifies the location of the server, the port number identifies the specific service or application you want to communicate with.
Ports are integral to TCP (Transmission Control Protocol), a transport protocol used to establish online connections. This type of connection is identified by an IP address + port number combination, which is known as a socket.
For example, a socket might look like 192.0.2.1:443. In this example, 192.0.2.1 refers to the IP address, while 443 refers to the port.
But how does this all interact when you connect to a website?
When you open a webpage, your browser (such as Chrome or Microsoft Edge) does the following:
- DNS Resolution
Your browser contacts a DNS (Domain Name System) server to identify the IP address associated with the domain name. This is how the address of the website’s server is identified before the connection takes place.
- TCP Handshake
The browser initiates a TCP connection to the identified IP address via the appropriate port (port 80 if the website is HTTP, port 443 if the website has HTTPS enabled via an SSL/TLS Certificate). After this, your browser and the server perform the SSL/TLS handshake to establish encryption parameters.
- Client Port
On your device, your operating system (such as Windows or Linux) assigns you a random, temporary port number (typically ranging from 49152 to 65535). This number represents your client port, which is active for the duration of your connection.
- Two-Way Client/Server Communication
Communication between your device and the server takes place between your client port and the server port.
For example, let’s examine this socket pair for an HTTPS (SSL/TLS-enabled) connection: “203.0.113.10:50932 → 192.0.2.1:443”
- 203.0.113.10 is your IP address.
- 50932 is your temporary client port (falling between 49152 and 65535).
- 192.0.2.1 is the IP address of the web server you are connecting to.
- 443 is the dedicated server port that handles HTTPS traffic (HTTP over SSL/TLS).
Because the connection is taking place through port 443, all traffic (such as page requests, login data, form submissions, etc.) is sent as encrypted ciphertext between your client port (50932) and the server’s port 443, in both directions.
Why are Client Ports Important?
If you’re the kind of web surfer who likes to jump between multiple websites and tabs, then you owe it all to client ports. Client ports are necessary for your computer to identify, track and manage multiple connections at the same time.
Whenever you start a new connection, a new client port is dynamically selected and assigned to the session. When you close that tab, the port is released for use again.
If you haven’t caught on already, this means that there is a finite number of client ports available for you to use at any given time. Since port numbers 49152 to 65535 are reserved for the client dynamic/private port range, there are only around 16,384 available client ports you can use.
Of course, this is rarely an issue for the average internet user (unless you have the time to open thousands upon thousands of tabs). Still, in circumstances where all available ports are used (such as busy proxy servers), new connection requests would fail because there are no available private ports to use.
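The socket pairs and dynamically assigned client ports described above can be observed on the loopback interface. This is an added example, not code from the original article; the loopback listener is a constructed stand-in for a web server, and the function names are hypothetical.

```python
import socket


def open_socket_pairs(n=3):
    """Open n TCP connections to one local listener and return their socket pairs."""
    # Constructed stand-in for a web server: loopback listener, port chosen by the OS.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(n)
    clients, accepted, pairs = [], [], []
    try:
        for _ in range(n):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            clients.append(client)
            # No bind() on the client side: the OS assigns a temporary client port here.
            client.connect(listener.getsockname())
            conn, _peer = listener.accept()
            accepted.append(conn)
            # ((client ip, client port), (server ip, server port))
            pairs.append((client.getsockname(), client.getpeername()))
    finally:
        # Closing the sockets releases the client ports for reuse.
        for s in clients + accepted + [listener]:
            s.close()
    return pairs


def format_pair(pair):
    """Render a socket pair in the notation used above."""
    (client_ip, client_port), (server_ip, server_port) = pair
    return f"{client_ip}:{client_port} → {server_ip}:{server_port}"


if __name__ == "__main__":
    # Every line shows the same server socket but a different client port.
    for pair in open_socket_pairs():
        print(format_pair(pair))
```

The range the client ports come from is an operating system setting: Linux, for example, defaults to 32768 to 60999 rather than 49152 to 65535, so check the configured range when sizing a busy proxy.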
What is Port 443 and What Makes it Different?
Now that we’ve explored how port numbers work, let’s take a closer look at port 443.
As we explained in our example, port 443 is dedicated to handling secure web traffic. This is the default port for HTTPS, which is just HTTP layered over SSL/TLS encryption.
But how does this work?
When you connect to any URL that begins with HTTPS (such as https://www.ssltrust.com.au/ssl-certificates), your browser automatically knows it should attempt to connect to the server via port 443.
At this point, the SSL/TLS handshake takes place as normal. You can learn precisely how the handshake works with SSL/TLS certificates in our comprehensive TLS guide.
From a hardware standpoint, port 443 is nothing physically distinct or special; it’s simply a logical endpoint defined by software. It’s basically an instruction that says, “Hey, the traffic coming through this port should be encrypted!”
As such, if your client tried to send plaintext data to port 443, the server would be confused and reject the connection because it’s expecting encrypted ciphertext. In the reverse, sending ciphertext to port 80 would also fail, since the server won’t try to negotiate an SSL/TLS handshake there.
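The mismatch described above is visible in the first bytes a client sends: a TLS connection opens with a handshake record, while plaintext HTTP opens with a request line. The classifier below is an added example, not code from the original article; the function names and sample byte strings are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")
EXPECTED = {443: "tls", 80: "http"}  # what each default port expects to receive


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes of a connection."""
    if len(data) >= 6:
        # TLS record header: content type, version major/minor, record length.
        content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
        # 22 = handshake record; the first handshake message is ClientHello (1).
        if (content_type == 22 and major == 3 and minor <= 4
                and 0 < length <= 16384 and data[5] == 1):
            return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def check_port(port: int, data: bytes) -> str:
    """Compare what arrived with what the port expects."""
    seen = classify_first_bytes(data)
    if seen == EXPECTED.get(port):
        return "ok"
    if port == 443 and seen == "http":
        return "plaintext HTTP sent to TLS port"
    if port == 80 and seen == "tls":
        return "TLS handshake sent to plaintext port"
    return "unrecognised"


# Constructed samples: the start of a ClientHello record and a plain HTTP request.
SAMPLE_TLS = bytes.fromhex("16030102000100 01fc0303".replace(" ", ""))
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for port in (443, 80):
        for name, sample in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP)):
            print(port, name, "->", check_port(port, sample))
```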
What is Port 80 and Why Does it Still Exist?
At this point, it makes sense to ask: Why do we still have port 80 at all?
Port 80 is the default port for HTTP traffic, which was widely used before HTTPS became standard.
The way port 80 works during an online connection is almost identical to that of port 443; the only difference is that the server is expecting plaintext (unencrypted) data rather than ciphertext.
Ok, but why is port 80 still used if it’s been superseded by port 443?
The short answer is that port 80 is still a foundational and necessary part of the infrastructure of the Internet.
Back when the Internet was first created, security was far less of a concern than it is today. The Internet was fundamentally built on HTTP, and by extension, port 80.
If port 80 were eliminated overnight, then you’d break billions of existing URLs, devices and legacy systems that were designed around using it as the default.
Rebuilding everything on HTTPS would be a monumental task. It’s also an unnecessary one because of the function of redirects.
With this in mind, let’s examine redirects and the other reasons port 80 is still in use.
Redirects
The most common use of port 80 today is to catch HTTP requests and redirect them to HTTPS.
For example, when you try to connect to http://www.ssltrust.com.au/ssl-certificates you’ll automatically be connected to https://www.ssltrust.com.au/ssl-certificates instead (notice the difference at the beginning in http:// and https://). This is done via a 301 (permanent) or 302 (temporary) redirect.
This is how websites enforce secure connections, even when someone deliberately tries to connect to the HTTP version of a page.
Legacy Systems and Compatibility
Many older systems, internal tools and embedded devices still use HTTP and port 80 for communication. In certain environments (like isolated networks), this is acceptable since there really isn’t any risk of unencrypted traffic being intercepted and exploited.
Easy Set-Up for Non-Sensitive, Public Content
Of course, port 80 and HTTP are still usable in contexts where there isn’t any sensitive data being shared. For example, if a website had a marketing page that was simply a one-way form of communication, there wouldn’t really be any risk with the traffic being unencrypted.
However, because this page isn’t encrypted, it would still display browser warnings (even if there’s no real risk to the user). Because of this, pages like this are less and less common since there are significant SEO and user trust disadvantages to serving content over HTTP.
You can learn more about this in our article on why you should use HTTPS.
Conclusion: The Doorway to Secure Web Communication over SSL/TLS
With all the necessary complexity of SSL/TLS encryption, port numbers might only seem like a minor technical detail. Still, they’re an integral part of how the Internet works, and importantly, how we stay secure online, so it’s good to understand what they are and how they work.
While port 80 is the backbone of the early internet, and won’t be going anywhere soon, operating exclusively over port 443 is now the gold standard.