SSL port numbers serve as communication endpoints for transmitting or receiving data. One of the primary functions of these ports is to establish a secure connection between a web page and a website hosting server or the CDN/WAF that might sit in front of it. These add an extra layer of security by leveraging either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates for encryption.
At their core, HTTPS ports are identified using numerical codes. For instance, your web browser might use network ports 443 to connect to your website’s hosting server for secure HTTPS connections.
In this post, we’ll take a look at the most common default ports for HTTPS and explain how HTTPS and SSL certificates work together to encrypt and secure your website’s data.
Contents:
- What is a port number?
- What is the difference between SSL and the HTTPS protocol?
- What is the default port for HTTPS?
- What are the most common TCP ports?
- What’s the difference between SSL and TLS?
- What OSI levels do SSL/TLS and HTTPS operate on?
- How can I get HTTPS on my website?
What is a port number?
A port number serves as a unique identifier for specific processes to which network messages are directed upon reaching a server. Every network-connected device features standard ports with uniquely assigned numbers, each designated for a specific protocol and function.
For instance, one of the most frequently used ports, port 80, is always assigned to HTTP messages. The idea of port numbers, initially termed as socket numbers, was proposed by the Advanced Research Projects Agency Network’s developers, and bears a similarity to the class of Internet Protocol (IP) addresses in use today.
What is the difference between SSL and the HTTPS protocol?
SSL is the technology used to encrypt data for internet connections, ensuring data transmission between a website and server remains secure. The HTTPS protocol, however, refers to the method of using SSL (or its successor, TLS) on a specific port to create a secure connection.
In essence, HTTPS operates over SSL on a web server with an SSL private key, and on the browser with an SSL certificate, leveraging the Public Key Infrastructure (PKI) to confirm legitimacy.
While both SSL and HTTPS work together, they have different roles. SSL (now largely replaced by the more efficient TLS) authenticates user identity when data is sent. The key difference is that only HTTPS ensures a secure channel for transmitting encrypted data.
A website with an SSL certificate typically has HTTPS in its URL and displays a padlock icon next to the domain name.
What is the default port for HTTPS?
Default HTTPS connections use TCP port 443 to facilitate encrypted communications between the web browser and server. This encryption ensures a secure data exchange during a website visit.
In contrast, the unsecured HTTP protocol uses TCP port 80. Overall these HTTPS ports, differentiated by unique numbers, heighten security by employing SSL or TLS encryption for website interactions.
What is the difference between port 443 and port 8443?
HTTPS port 443 and port 8443 differ mainly in their usage; 443 is a standard web browsing port designed for secure data transmission between web browsers and servers, while 8443 is used less frequently by Apache Tomcat for SSL text service to prevent conflicts. Even though both are HTTPS ports, Tomcat specifically defaults to 8443. Tomcat is rarely seen being used on public websites.
What are the most common TCP ports?
Here is a list of the most common TCP ports for web services like HTTP, SSL, cPanel, and SMTP.
Web Ports
Port # | Function |
21 | FTP |
22 | SFTP / SSH |
80 | HTTP |
443 | SSL |
990 | FTPs |
3306 | MySQL |
cPanel Ports
Port # | Function |
2082 | cPanel TCP inbound |
2083 | cPanel SSL TCP inbound |
2086 | WHM TCP inbound |
2087 | WHM SSL TCP inbound |
2089 | WHM SSL TCP inbound |
2095 | Webmail TCP inbound |
2096 | Webmail SSL TCP inbound |
Email Ports
Port # | Function |
110 | POP – Incoming |
995 | POP SSL – Incoming |
143 | IMAP – Incoming |
993 | IMAP SSL – Incoming |
25, 80, 3535 | SMTP – Outgoing |
465 | SMTP SSL – Outgoing |
What is the difference between SSL and TLS?
Secure Sockets Layer (SSL) is an established protocol that forges a secure connection between two devices or applications on a network. It’s instrumental in establishing trust and authenticating the opposite party prior to sharing credentials or data online. Despite its wide usage in applications or browsers for creating an encrypted communication channel, SSL is an older technology that comes with certain security shortcomings.
Transport Layer Security (TLS) is essentially an improved version of SSL, designed to address and fix vulnerabilities present in SSL. With its more efficient authentication process, TLS is a more secure and reliable option compared to its earlier counterpart.
SSL vs. TLS: Comparison Table
SSL | TLS | |
Terminology | SSL stands for Secure Sockets Layer | TLS stands for Transport Layer Security |
Status | All SSL versions are now deprecated. | TLS versions 1.2 and 1.3 in use. |
Alerts | SSL alert messages are unencrypted. | TLS alert messages are encrypted. |
Authentication | SSL uses Message Authentication Codes (MACS) | TLS uses Hashed Message Authentication Codes (HMACS) |
Encryption | SSL uses older encryption algorithms with known vulnerabilities. | TLS supports advanced encryption algorithms. |
Connection | SSL handshakes are tedious and slow. | TLS handshakes are faster with fewer steps. |
What OSI model levels do SSL/TLS and HTTPS operate on?
The Open Systems Interconnection (OSI) is a framework that divides the various functions of network communications into seven different layers. Ports are found at the Transport Layer 4 of the OSI model.
SSL and TLS operate between layers 4 and 7, while HTTPS itself is found on Application Layer 7.
What is the difference between an SSL certificate and TLS certificate?
Nowadays, SSL certificates are technically obsolete, with TLS certificates taking their place as the industry norm — however, the term “SSL” is still commonly used to describe TLS certificates. The core functionality of both types of certificates remains the same, with TLS iterations improving on the original SSL model over time.
Despite this terminology overlap, modern SSL certificates support both SSL and TLS protocols, underlining the importance of ensuring server configurations are compatible with progressively mandatory TLS protocols.
SSL v1.0 through to v3.0 and TLS 1.1 should be considered insecure; its use would nullify any PCI compliance.
How can I get HTTPS on my website?
To add HTTPS to your website, you’ll need to install an SSL certificate or get one through a provider. Obtaining an SSL certificate for your website can be simplified by purchasing one from a certificate authority like GoDaddy or acquiring a free one from Let’s Encrypt. Your hosting provider may already provide an SSL certificate — so it’s worth verifying with them first to avoid unnecessary work.
If you’re using the Sucuri Web Application Firewall (WAF), SSL will be enabled on your firewall servers by default — even without an SSL certificate on the website’s origin server. This ensures encryption of data between visitors and the viewed web page. Despite this, having an SSL certificate on your origin server is still essential.
CISM CISSP Marc Kranat is Sucuri’s Enterprise Firewall Supervisor who joined the company in 2014. Marc’s main responsibilities include providing support to high-value clients. His professional experience covers over 20 years in cyber and IS security and project management. When Marc isn’t checking firewall logs and configurations, you might find him acting as an assistant to his photographer wife, or wranging his Husky. Connect with him on Twitter.