HTTPS is secure and is on port 443. Information that travels on port 443 is encrypted using Secure Sockets Layer (SSL) or its new version, Transport Layer Security (TLS).
Using HTTPS also helps minimize an attack by a hacker by identifying open ports and then blocking access with a firewall. It is highly advisable to access and transact on sites with HTTPS to protect yourself from malicious elements as it prevents your personal information, passwords, customer data, and business-critical data from being intercepted and stolen.
HTTP is unsecured and available on port 80.
How Does HTTPS Work?
HTTP over an SSL/TLS connection makes use of public key encryption (where there are two keys — public and private) to distribute a shared symmetric key, which is then used for bulk transmission. A TLS connection typically uses HTTPS port 443. Alternatively, the client may also send a request like STARTTLS to upgrade from an unencrypted connection to an encrypted one.
Before a connection can be established, the browser and the server need to decide on the connection parameters that can be deployed during communication. They arrive at an agreement by performing an SSL/TLS handshake.
What is port
A port is a virtual numbered address that’s used as a communication endpoint by transport layer protocols like UDP (user diagram protocol) or TCP (transmission control protocol). Network ports direct traffic to the right places — i.e., they help the devices involved identify which service is being requested.
HTTPS port 443
HTTPS Port 443 offers encrypted communication between the web browser and web server, making the data unreadable for any data breach. Hence, connecting through HTTPS Port 443 for web browsing certainly wins hands down over establishing an unsafe HTTP Port 80 connection for web surfing.
Difference between port 80 and 443
- Port 80 is assigned to HTTP while Port 443 is assigned to HTTPS
- Port 80 allows HTTP protocol means the information remains in plain text between the browser and the server, while Port 443 allows HTTPS protocol means all the information travels between the server and the browser remains encrypted.
- HTTP is now becoming obsolete as almost all browsers have moved to HTTPS due to security reasons.
- Attackers can easily sniff ongoing communication on port 80 while it is hard to sniff the information on port 443.