Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Apr 13, 2013, 10:23 AM   #1
oldhifi
macrumors 6502a
 
Join Date: Jan 2013
Location: USA
Port 443 is open

I went to shields up and port 443 is open, do I need to close it?
__________________
IMac 20 " 2.16 GHz Intel Core 2 Duo OSX 10.7.5,
PowerBook G4, Macbook Air 10.9.3, Apple TV, Roku, IPhone 6
oldhifi is offline   0 Reply With Quote
Old Apr 13, 2013, 10:26 AM   #2
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by oldhifi View Post
I went to shields up and port 443 is open, do I need to close it?
NO:

HTTP Secure

Quote:
Difference from HTTP
HTTPS URLs begin with "https://" and use port 443 by default, whereas HTTP URLs begin with "http://" and use port 80 by default.
HTTP is insecure and is subject to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks (with the exception of older deprecated versions of SSL).
HTTPS is typically slower than HTTP. So when large amounts of data are processing over a port, you can see performance differences between these two.
justperry is offline   0 Reply With Quote
Old Apr 13, 2013, 10:30 AM   #3
Superhai
macrumors newbie
 
Join Date: Apr 2010
It is for https web server, if you don't have one, you should terminate the application that uses it.
Superhai is offline   0 Reply With Quote
Old Apr 13, 2013, 10:34 AM   #4
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by Superhai View Post
It is for https web server, if you don't have one, you should terminate the application that uses it.
I think you are wrong here, any https in the URL Bar of a browser will use this port, if you deny it you can't connect to that site, for instance your Bank.
justperry is offline   0 Reply With Quote
Old Apr 13, 2013, 10:52 AM   #5
Superhai
macrumors newbie
 
Join Date: Apr 2010
Quote:
Originally Posted by justperry View Post
I think you are wrong here, any https in the URL Bar of a browser will use this port, if you deny it you can't connect to that site, for instance your Bank.
Your browser is not listening to port 443.
Superhai is offline   0 Reply With Quote
Old Apr 13, 2013, 10:57 AM   #6
SandboxGeneral
Moderator
 
SandboxGeneral's Avatar
 
Join Date: Sep 2010
Location: Great Lakes State
Quote:
Originally Posted by Superhai View Post
Your browser is not listening to port 443.
Yes it is. Port 443 is used for all https sites. If you close it you will not be able to browse or otherwise connect to any secure websites or servers. 443 is the standard port that all web browsers use to establish SSL connections. That's where you get the encrypted end-to-end connection from your browser to a site like a bank. Non-encrypted sites use port 80 for regular http traffic.
SandboxGeneral is offline   0 Reply With Quote
Old Apr 13, 2013, 11:03 AM   #7
oldhifi
Thread Starter
macrumors 6502a
 
Join Date: Jan 2013
Location: USA
thanks guys for the help!!
__________________
IMac 20 " 2.16 GHz Intel Core 2 Duo OSX 10.7.5,
PowerBook G4, Macbook Air 10.9.3, Apple TV, Roku, IPhone 6
oldhifi is offline   0 Reply With Quote
Old Apr 13, 2013, 11:06 AM   #8
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by Superhai View Post
Your browser is not listening to port 443.
If you read the link I provided in my initial post and read the quote you know you are wrong!
justperry is offline   0 Reply With Quote
Old Apr 13, 2013, 11:55 AM   #9
Superhai
macrumors newbie
 
Join Date: Apr 2010
Quote:
Originally Posted by justperry View Post
If you read the link I provided in my initial post and read the quote you know you are wrong!
If you learn TCP/IP you know you are wrong.

A client (web browser) request a port from the "usually" OS own TCP stack, and in old days only ports from 1025 to around 5000 could be used, nowadays it gets port from 49152 to 65535. They are kept untill the connection closes. The client then contacts the server (https server) which obviously needs to be on a specified port on a specified ip-address (in this case 443) for the client to know who to contact. Now they have established a connection and the server sends whatever data the client wants (or doesn't wants). Then it is closed (there are stuff like keep-alive which reuses the same connection, but that is beyond this post)

As the remote server never initiates a connection to the client, the client does not need to keep a port open.

If you however run your own server, or use p2p software, or two-way communicating software (like skype or some kind of messenger) then you need a port open for listening so the remote party are able to initiate the connection.
Superhai is offline   1 Reply With Quote
Old Apr 13, 2013, 12:17 PM   #10
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by Superhai View Post
If you learn TCP/IP you know you are wrong.

A client (web browser) request a port from the "usually" OS own TCP stack, and in old days only ports from 1025 to around 5000 could be used, nowadays it gets port from 49152 to 65535. They are kept untill the connection closes. The client then contacts the server (https server) which obviously needs to be on a specified port on a specified ip-address (in this case 443) for the client to know who to contact. Now they have established a connection and the server sends whatever data the client wants (or doesn't wants). Then it is closed (there are stuff like keep-alive which reuses the same connection, but that is beyond this post)

As the remote server never initiates a connection to the client, the client does not need to keep a port open.

If you however run your own server, or use p2p software, or two-way communicating software (like skype or some kind of messenger) then you need a port open for listening so the remote party are able to initiate the connection.
You want proof, here it is, a little snitch deny connection on port 443, yahoo is https.
Attached Thumbnails
Click image for larger version

Name:	Screen Shot 2013-04-14 at 00.14.39.png
Views:	273
Size:	277.5 KB
ID:	407626  
justperry is offline   0 Reply With Quote
Old Apr 13, 2013, 12:43 PM   #11
Superhai
macrumors newbie
 
Join Date: Apr 2010
Quote:
Originally Posted by justperry View Post
You want proof, here it is, a little snitch deny connection on port 443, yahoo is https.
It proves what I am saying, and that you don't know what is asked in the first post. What little snitch is blocking is the outbound connection to the server on port 443 (i.e. the destination port). Not the port on the client side (source port). If you want to close port 443 on the client, https will still work just fine. Shields up is showing the open ports on the client.
Superhai is offline   1 Reply With Quote
Old Apr 13, 2013, 01:28 PM   #12
sjinsjca
macrumors 65816
 
Join Date: Oct 2008
Quote:
Originally Posted by SandboxGeneral View Post
Yes it is. Port 443 is used for all https sites. If you close it you will not be able to browse or otherwise connect to any secure websites or servers. 443 is the standard port that all web browsers use to establish SSL connections. That's where you get the encrypted end-to-end connection from your browser to a site like a bank. Non-encrypted sites use port 80 for regular http traffic.
There is some serious misunderstanding going on here.

You will be able to browse https sites, because your browser, inside the firewall, will initiate the conversation.

What ShieldsUp seems to be saying is that it can see port 443 open from OUTSIDE your LAN.

If you're not running a secure-web server or something of the sort on a machine on your LAN, that's odd. Close it, just for your peace of mind. If you find that breaks some application, then you can always open it again.
sjinsjca is offline   1 Reply With Quote
Old Apr 13, 2013, 02:15 PM   #13
oldhifi
Thread Starter
macrumors 6502a
 
Join Date: Jan 2013
Location: USA
Quote:
Originally Posted by sjinsjca View Post
There is some serious misunderstanding going on here.

You will be able to browse https sites, because your browser, inside the firewall, will initiate the conversation.

What ShieldsUp seems to be saying is that it can see port 443 open from OUTSIDE your LAN.

If you're not running a secure-web server or something of the sort on a machine on your LAN, that's odd. Close it, just for your peace of mind. If you find that breaks some application, then you can always open it again.

How do I close it? My computer setting is: DNS is off, NO sharing, firewall is ON
__________________
IMac 20 " 2.16 GHz Intel Core 2 Duo OSX 10.7.5,
PowerBook G4, Macbook Air 10.9.3, Apple TV, Roku, IPhone 6

Last edited by oldhifi; Apr 13, 2013 at 02:30 PM.
oldhifi is offline   0 Reply With Quote
Old Apr 13, 2013, 02:49 PM   #14
oldhifi
Thread Starter
macrumors 6502a
 
Join Date: Jan 2013
Location: USA
I think I found it:
on my Uverse firewall settings port 443 is open, this is a router/receiver for my 2nd TV
__________________
IMac 20 " 2.16 GHz Intel Core 2 Duo OSX 10.7.5,
PowerBook G4, Macbook Air 10.9.3, Apple TV, Roku, IPhone 6
oldhifi is offline   0 Reply With Quote
Old Apr 13, 2013, 02:56 PM   #15
thejadedmonkey
macrumors 604
 
thejadedmonkey's Avatar
 
Join Date: May 2005
Location: Pa
Send a message via AIM to thejadedmonkey
Quote:
Originally Posted by oldhifi View Post
I think I found it:
on my Uverse firewall settings port 443 is open, this is a router/receiver for my 2nd TV
Why is your TV listening for a secure connection?
__________________
MacBook 17" MacBook Pro iPod Nano Apple TV
PS4 Custom Windows 8.1 Desktop WP8.1
"Good judgment comes from experience,
experience comes from bad judgment."
- Mulla Nasrudin
thejadedmonkey is offline   0 Reply With Quote
Old Apr 13, 2013, 03:13 PM   #16
Superhai
macrumors newbie
 
Join Date: Apr 2010
One common reason for 443 port is a web based control panel. Try to https:// and your assigned ip from outside.
Superhai is offline   0 Reply With Quote
Old Apr 18, 2013, 11:52 AM   #17
freejazz-man
macrumors regular
 
Join Date: May 2010
hilarious thread right here
freejazz-man is offline   3 Reply With Quote
Old Apr 18, 2013, 01:34 PM   #18
Ap0ks
macrumors regular
 
Join Date: Aug 2008
Location: Cambridge, UK
Quote:
Originally Posted by freejazz-man View Post
hilarious thread right here
+1, good to know there are plenty of easy targets out there

As Superhai has said, I'd imagine your Uverse firewall has an "Allow remote management" option if you disable that it should stop listening on port 443.
Ap0ks is offline   2 Reply With Quote
Old Apr 18, 2013, 01:41 PM   #19
jtara
macrumors 65816
 
Join Date: Mar 2009
I imagine this is open on your UVerse box so that if you suddenly get an urge to record some show, you can log-in from Starbucks and schedule the recording.

Odd that they wouldn't do that with a website, and have the Uverse box talk to some web service (outbound, not inbound). (I don't have Uverse.)
jtara is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Airport Extreme Port 443 Blocked Southern Dad Mac Peripherals 9 Apr 27, 2014 11:51 AM
/Is it possible to port forward to my laptop to test if a port is open infobleep OS X 10.8 Mountain Lion 5 Aug 11, 2013 03:15 PM
How can I open port 80 manually on OS X ? XPcentric Mac Programming 2 May 26, 2013 02:10 PM
Open Port in Airport Utility 6 prnoct90 Mac Peripherals 0 Jan 22, 2013 07:31 AM
443 PPI 5 Inch Display on its way... Timzer Alternatives to iOS and iOS Devices 26 Oct 3, 2012 01:09 PM

Forum Jump

All times are GMT -5. The time now is 07:15 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC