Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Port 443 is open

oldhifi

oldhifi

macrumors 65816
Original poster
Jan 12, 2013
1,494
748
USA
I went to shields up and port 443 is open, do I need to close it?
 
justperry

justperry

macrumors G5
Aug 10, 2007
12,558
9,750
I'm a rolling stone.
oldhifi said:
I went to shields up and port 443 is open, do I need to close it?
Click to expand...

NO:

HTTP Secure

Difference from HTTP
HTTPS URLs begin with "https://" and use port 443 by default, whereas HTTP URLs begin with "http://" and use port 80 by default.
HTTP is insecure and is subject to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks (with the exception of older deprecated versions of SSL).
HTTPS is typically slower than HTTP. So when large amounts of data are processing over a port, you can see performance differences between these two.
Click to expand...
 
Superhai

Superhai

macrumors 6502a
Apr 21, 2010
716
523
It is for https web server, if you don't have one, you should terminate the application that uses it.
 
SandboxGeneral

SandboxGeneral

Moderator emeritus
Sep 8, 2010
26,482
10,051
Detroit
Superhai said:
Your browser is not listening to port 443.
Click to expand...

Yes it is. Port 443 is used for all https sites. If you close it you will not be able to browse or otherwise connect to any secure websites or servers. 443 is the standard port that all web browsers use to establish SSL connections. That's where you get the encrypted end-to-end connection from your browser to a site like a bank. Non-encrypted sites use port 80 for regular http traffic.
 
Superhai

Superhai

macrumors 6502a
Apr 21, 2010
716
523
justperry said:
If you read the link I provided in my initial post and read the quote you know you are wrong!
Click to expand...

If you learn TCP/IP you know you are wrong. ;)

A client (web browser) request a port from the "usually" OS own TCP stack, and in old days only ports from 1025 to around 5000 could be used, nowadays it gets port from 49152 to 65535. They are kept untill the connection closes. The client then contacts the server (https server) which obviously needs to be on a specified port on a specified ip-address (in this case 443) for the client to know who to contact. Now they have established a connection and the server sends whatever data the client wants (or doesn't wants). Then it is closed (there are stuff like keep-alive which reuses the same connection, but that is beyond this post)

As the remote server never initiates a connection to the client, the client does not need to keep a port open.

If you however run your own server, or use p2p software, or two-way communicating software (like skype or some kind of messenger) then you need a port open for listening so the remote party are able to initiate the connection.
 
justperry

justperry

macrumors G5
Aug 10, 2007
12,558
9,750
I'm a rolling stone.
Superhai said:
If you learn TCP/IP you know you are wrong. ;)

A client (web browser) request a port from the "usually" OS own TCP stack, and in old days only ports from 1025 to around 5000 could be used, nowadays it gets port from 49152 to 65535. They are kept untill the connection closes. The client then contacts the server (https server) which obviously needs to be on a specified port on a specified ip-address (in this case 443) for the client to know who to contact. Now they have established a connection and the server sends whatever data the client wants (or doesn't wants). Then it is closed (there are stuff like keep-alive which reuses the same connection, but that is beyond this post)

As the remote server never initiates a connection to the client, the client does not need to keep a port open.

If you however run your own server, or use p2p software, or two-way communicating software (like skype or some kind of messenger) then you need a port open for listening so the remote party are able to initiate the connection.
Click to expand...

You want proof, here it is, a little snitch deny connection on port 443, yahoo is https.
 

Attachments

  • Screen Shot 2013-04-14 at 00.14.39.png
    Screen Shot 2013-04-14 at 00.14.39.png
    277.5 KB · Views: 868
Superhai

Superhai

macrumors 6502a
Apr 21, 2010
716
523
justperry said:
You want proof, here it is, a little snitch deny connection on port 443, yahoo is https.
Click to expand...

It proves what I am saying, and that you don't know what is asked in the first post. What little snitch is blocking is the outbound connection to the server on port 443 (i.e. the destination port). Not the port on the client side (source port). If you want to close port 443 on the client, https will still work just fine. Shields up is showing the open ports on the client.
 
sjinsjca

sjinsjca

macrumors 68020
Oct 30, 2008
2,238
555
SandboxGeneral said:
Yes it is. Port 443 is used for all https sites. If you close it you will not be able to browse or otherwise connect to any secure websites or servers. 443 is the standard port that all web browsers use to establish SSL connections. That's where you get the encrypted end-to-end connection from your browser to a site like a bank. Non-encrypted sites use port 80 for regular http traffic.
Click to expand...

There is some serious misunderstanding going on here.

You will be able to browse https sites, because your browser, inside the firewall, will initiate the conversation.

What ShieldsUp seems to be saying is that it can see port 443 open from OUTSIDE your LAN.

If you're not running a secure-web server or something of the sort on a machine on your LAN, that's odd. Close it, just for your peace of mind. If you find that breaks some application, then you can always open it again.
 
oldhifi

oldhifi

macrumors 65816
Original poster
Jan 12, 2013
1,494
748
USA
sjinsjca said:
There is some serious misunderstanding going on here.

You will be able to browse https sites, because your browser, inside the firewall, will initiate the conversation.

What ShieldsUp seems to be saying is that it can see port 443 open from OUTSIDE your LAN.

If you're not running a secure-web server or something of the sort on a machine on your LAN, that's odd. Close it, just for your peace of mind. If you find that breaks some application, then you can always open it again.
Click to expand...


How do I close it? My computer setting is: DNS is off, NO sharing, firewall is ON
 
Last edited:
oldhifi

oldhifi

macrumors 65816
Original poster
Jan 12, 2013
1,494
748
USA
I think I found it:
on my Uverse firewall settings port 443 is open, this is a router/receiver for my 2nd TV :)
 
Superhai

Superhai

macrumors 6502a
Apr 21, 2010
716
523
One common reason for 443 port is a web based control panel. Try to https:// and your assigned ip from outside.
 
J

jtara

macrumors 68020
Mar 23, 2009
2,008
536
I imagine this is open on your UVerse box so that if you suddenly get an urge to record some show, you can log-in from Starbucks and schedule the recording.

Odd that they wouldn't do that with a website, and have the Uverse box talk to some web service (outbound, not inbound). (I don't have Uverse.)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom