Port 443 (HTTPS)

Quick Info

Port Number: 443
Protocol: TCP
Service: HTTPS
IANA Name: HTTPS

Service Description

TCP port 443 is the standard port for HTTPS (Hypertext Transfer Protocol Secure), the secure version of HTTP used for encrypted communication over the internet. It leverages TLS (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer) to establish a secure connection between a client (e.g., a web browser) and a server (e.g., a web server). The history of HTTPS traces back to Netscape in the mid-1990s, aiming to secure web transactions and protect sensitive data like credit card information. While SSL was initially used, TLS has largely superseded it due to security vulnerabilities in older SSL versions. The transition from SSL to TLS involved multiple iterations of protocol enhancements and standardization efforts by organizations like the IETF (Internet Engineering Task Force).

At a technical level, when a client initiates an HTTPS connection on port 443, it sends a TCP SYN packet to the server. The server responds with a SYN-ACK, and the client completes the three-way handshake with an ACK. After the TCP connection is established, the client and server perform a TLS handshake. The client sends a "ClientHello" message, which lists the TLS versions and cipher suites it supports. The server responds with a "ServerHello" message, selecting a TLS version and cipher suite, and then sends its digital certificate, which the client verifies to authenticate the server's identity. In the RSA key exchange used by TLS 1.2 and earlier, if the certificate is valid, the client generates a pre-master secret, encrypts it using the server's public key from the certificate, and sends it to the server. Both client and server independently derive a shared secret key from the pre-master secret. (TLS 1.3 and the (EC)DHE cipher suites of TLS 1.2 replace this step with an ephemeral Diffie-Hellman exchange, and the certificate key is used only for signing.) This shared secret key is then used to encrypt all subsequent HTTP communication using symmetric encryption algorithms, ensuring confidentiality and integrity of the data exchanged between the client and server.
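The ClientHello described above travels in cleartext, so a monitoring point can read which versions and cipher suites a client offers before any encryption starts. The parser below is an added example, not code from this page; the sample record is constructed rather than captured, and the function names are illustrative.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
# IANA code points; only the suites used in the constructed sample are named.
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}


def build_sample_client_hello():
    """Constructed sample (not a capture): one TLS record holding a ClientHello."""
    suites = struct.pack("!3H", 0x1301, 0xC02F, 0x000A)
    sv = struct.pack("!B2H", 4, 0x0304, 0x0303)        # supported_versions list
    exts = struct.pack("!HH", 0x002B, len(sv)) + sv
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"  # version, random, no session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                               # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the TLS versions and cipher suites a ClientHello offers."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len or record[5] != 0x01:
        raise ValueError("not a complete TLS record carrying a ClientHello")
    pos = 9                                   # 5-byte record + 4-byte handshake header
    versions = [struct.unpack_from("!H", record, pos)[0]]   # legacy_version
    pos += 2 + 32                             # skip version and random
    pos += 1 + record[pos]                    # skip session_id
    n = struct.unpack_from("!H", record, pos)[0]
    suites = struct.unpack_from("!%dH" % (n // 2), record, pos + 2)
    pos += 2 + n
    pos += 1 + record[pos]                    # skip compression methods
    if pos < 5 + rec_len:                     # extensions are optional
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            if etype == 0x002B:               # supported_versions replaces legacy_version
                k = record[pos + 4] // 2
                versions = list(struct.unpack_from("!%dH" % k, record, pos + 5))
            pos += 4 + elen
    return {"versions": [VERSIONS.get(v, hex(v)) for v in versions],
            "cipher_suites": [SUITES.get(s, hex(s)) for s in suites]}
```
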

## Firewall Recommendations

Port 443 should generally be allowed outbound for clients to access HTTPS websites and services. Inbound access to port 443 should be allowed for web servers and other services that provide HTTPS functionality. It is crucial to configure firewalls to allow only necessary traffic and to implement intrusion detection and prevention systems to monitor for malicious activity. Rate limiting can be applied to mitigate denial-of-service attacks. Regularly review firewall rules and access logs to identify and address potential security issues. Using a web application firewall (WAF) can further protect web servers by filtering malicious HTTP traffic and preventing application-layer attacks. Ensure that the web server and TLS/SSL libraries are kept up to date with the latest security patches.

Security Information

Port 443, while designed for secure communication, is not immune to security risks. Attacks targeting HTTPS often exploit vulnerabilities in the TLS/SSL protocol implementations, the web server software, or the underlying operating system. Man-in-the-middle (MITM) attacks can attempt to intercept and decrypt traffic if weak or outdated cipher suites are used. Vulnerabilities in the server's SSL/TLS configuration, such as allowing insecure protocols or weak ciphers, can be exploited. Application-layer attacks, like SQL injection or cross-site scripting (XSS), can also occur over HTTPS if the web application itself is vulnerable. Due to the prevalence of HTTPS for sensitive data transmission, it is a prime target for attackers seeking to steal credentials, financial information, or other confidential data. Regularly patching and updating software, using strong cipher suites, and properly configuring SSL/TLS settings are crucial for mitigating these risks.

Known Vulnerabilities

| CVE | Name | Severity | Description |
| --- | --- | --- | --- |
| CVE-2014-0160 | Heartbleed | Critical | A critical vulnerability in OpenSSL that allowed attackers to read sensitive memory from the server, potentially exposing private keys and other confidential information. |
| CVE-2016-2183 | SWEET32 | Medium | A collision attack against 64-bit block ciphers (like 3DES) in TLS, allowing attackers to potentially decrypt traffic after observing a large amount of traffic. |
| CVE-2014-3566 | POODLE (SSLv3) | Medium | Padding Oracle On Downgraded Legacy Encryption. A vulnerability in SSLv3 that allows attackers to decrypt portions of encrypted traffic by exploiting weaknesses in the padding mechanism. |
| CVE-2015-0204 | FREAK | High | Factoring RSA Export Keys. A vulnerability that allowed attackers to force servers to use weaker, export-grade RSA encryption, making them susceptible to decryption. |
| CVE-2018-12384 | Apache Range Header DoS | Low | An issue in Apache HTTP Server can lead to a denial of service (DoS) when processing crafted HTTP Range headers. This can overwhelm the server and make it unavailable. |
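The configuration weaknesses named above (SSLv3, 3DES, export-grade suites) can be checked mechanically. The following is an added example, not code from this page: it audits a constructed scan result against the SWEET32, POODLE and FREAK rows of the table and builds a hardened server context with Python's `ssl` module. The function names and the sample scan are illustrative, and certificate loading is left out.

```python
import ssl

# Substrings of OpenSSL-style or IANA cipher names, mapped to rows of the table above.
WEAK_CIPHERS = {
    "3DES": "SWEET32 (CVE-2016-2183)", "DES-CBC3": "SWEET32 (CVE-2016-2183)",
    "EXP-": "FREAK (CVE-2015-0204)", "EXPORT": "FREAK (CVE-2015-0204)",
}
WEAK_PROTOCOLS = {"SSLv3": "POODLE (CVE-2014-3566)"}

# Constructed sample: protocols and ciphers a scan of a legacy listener might report.
LEGACY_SCAN = (["SSLv3", "TLSv1.2"],
               ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA", "EXP-RC4-MD5"])


def audit(protocols, ciphers):
    """Return sorted findings for the protocols and cipher names a listener accepts."""
    findings = {f"{p}: {WEAK_PROTOCOLS[p]}" for p in protocols if p in WEAK_PROTOCOLS}
    for name in ciphers:
        for marker, issue in WEAK_CIPHERS.items():
            if marker in name.upper():
                findings.add(f"{name}: {issue}")
    return sorted(findings)


def hardened_server_context():
    """Server context that cannot negotiate the weak options listed above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rules out SSLv3, TLS 1.0 and 1.1
    # Allowlist of forward-secret AEAD suites, so 3DES and export suites are never offered.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL")
    return ctx


def audit_context(ctx):
    """Run the same audit against what an SSLContext is configured to offer."""
    findings = audit([], [c["name"] for c in ctx.get_ciphers()])
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is below TLSv1.2")
    return findings


if __name__ == "__main__":
    print(audit(*LEGACY_SCAN))
    print(audit_context(hardened_server_context()))
```
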

Common Software

  • Apache HTTP Server
  • nginx
  • Microsoft IIS
  • OpenSSL
  • cURL
  • OpenVPN (when configured for HTTPS)
  • HAProxy
  • Node.js (with HTTPS modules)
  • Python (with HTTPS libraries like Requests)
