Port 443/tcp is the IANA-assigned home of HTTPS — HTTP carried inside a TLS session — and is the default secure transport of the web. TLS supplies confidentiality, integrity, and server authentication via a handshake that negotiates the protocol version and cipher suite, establishes session keys, and validates an X.509 certificate; the current versions are TLS 1.2 (RFC 5246) and TLS 1.3 (RFC 8446). Adoption is now near-universal: W3Techs reported in January 2026 that 92.6% of the top 100,000 sites default to HTTPS, and Google's Chrome transparency reporting (October 2025) put HTTPS at over 95% of desktop and over 99% of Android page loads. The IANA service name is https ("http protocol over TLS/SSL", reference RFC 9110), assigned to the IESG/IETF Chair. For an analyst, an open 443/tcp means a TLS-protected web service, and the high-value triage steps are enumerating supported TLS versions and cipher suites, examining the certificate (validity window, issuer, SAN), testing for known TLS flaws, and identifying the underlying application. The same encryption that protects users also blinds passive inspection, so encrypted command-and-control (e.g., Cobalt Strike) hides well on 443. Historically relevant weaknesses cluster in TLS *implementations* and deprecated versions — Heartbleed and POODLE (both 2014), and the formal deprecation of SSL 2.0/3.0 and TLS 1.0/1.1.

IANA assignment

https — "http protocol over TLS/SSL"; reference [RFC9110] (modified 2021-10-01); assignee IESG/IETF Chair [IANA-assigned] — IANA Service Name and Transport Protocol Port Number Registry

Range class

well-known (0–1023)

Primary use

encrypted web traffic (HTTP over TLS); the default secure web transport. ~92.6% of top-100k sites default to HTTPS (W3Techs, Jan 2026) [Well-established] — W3Techs, Google Chrome HTTPS Transparency Report (Oct 2025)

Other/unofficial uses

SSL-VPN endpoints, API gateways, encrypted C2, tunneling over 443 to bypass egress filtering [Community-reported/Threat-reported] — Malware Patrol, MITRE ATT&CK

Prevalence

nmap-services open-frequency 0.208669 (third-most-common open TCP port in classic rankings) [Well-established] — nmap-services file

Security implications

TLS implementation flaws (Heartbleed 2014; POODLE 2014); deprecated versions (SSL 2.0 per RFC 6176, SSL 3.0 per RFC 7568, TLS 1.0/1.1 per RFC 8996); expired/misissued certs. Encryption blinds passive inspection, so encrypted C2 beaconing hides on 443 [Well-established/Threat-reported] — Wikipedia (TLS), MITRE ATT&CK

Typically seen on

web servers, CDNs, load balancers, VPN endpoints, cloud services, IoT

Related ports

80 HTTP; 443/udp (HTTP/3 QUIC); 8443 HTTPS-alt

Analyst note

Open 443/tcp means a TLS-protected web service. Enumerate TLS versions/ciphers, examine the certificate (validity, issuer, SAN), test for known TLS vulnerabilities, and identify the underlying web app.