- cross-posted to:
- world@lemmy.world
- cross-posted to:
- world@lemmy.world
Activist group Great Firewall Report spotted the outage, which it said disrupted all traffic to TCP port 443 – the standard port used for carrying HTTPS traffic.
“Between approximately 00:34 and 01:48 (Beijing Time, UTC+8) on August 20, 2025, the Great Firewall of China (GFW) exhibited anomalous behavior by unconditionally injecting forged TCP RST+ACK packets to disrupt all connections on TCP port 443,” the group wrote in a Wednesday post.
That disruption meant Chinese netizens couldn’t reach most websites hosted outside China, which is inconvenient. The incident also blocked other services that rely on port 443, which could be more problematic because many services need to communicate with servers or sources of information outside China for operational reasons. For example, Apple and Tesla use the port to connect to offshore servers that power some of their basic services.
Anyone know why someone would use port 443 for anything other than https?
HTTPS may be the official designation for the port, but it is the de facto standard port for TLS. Whatever you want to send over TLS, doesn’t really matter.
HTTPS is just HTTP served over TLS (originally SSL).
Step by step, if you were to analyze a web connection over port 443, you would see that the client first negotiates the TCP connection (via three-way handshake), then TLS, and it’s not till after TLS is established that HTTPS is negotiated.
In that way, it’s kinda wrong to say it’s the HTTPS port. It’s really, nowadays, the TLS port. HTTP is just one of many protocols that can ride on top of it, and when we do that, we call it HTTPS.
There’s lots of things that transport using HTTPS that aren’t websites in browsers.
Yeah technically anything can run on any ports, we just like to default certain things.
Ssh for example can work on port 2000 or whatever. Port knocking is fun too.
Oh, it’s not even that some other protocol is operating on 443. It’s that the underlying transport is HTTPS, just for something that’s not a website rendered in a browser by the client. Microsoft, for example, used RPC over HTTPS for Outlook connectivity to Exchange for a hot minute.
Ah gotcha. In this case yeah.
websockets
VPNs, DNS over https (DoH), load balancers via DHCP, encrypted remote procedure calls, TCP pipes via gsocket.
I could go on.
To not get blocked by the great firewall
Sometimes mandatory web proxies still allow direct connections to port 443 so as to not break https, which in return means as long as your connection is to port 443, that proxy will pass it through without interfering.
I used to run sshd on port 443 for this reason back when I regularly had to work from client networks.
Pass thoses firewalls and other corporates proxy/VPN/… that block most ports. If what you build is at least partly used where user have internet access, you know this port is open. Even if 22, 8080 and all the others are closed.
Happy cake day!
Some ISPs block other ports, so if you want to host something, that might be your best option.