Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

.???.....

U

unrigestered

Suspended
Original poster
Jun 17, 2022
879
840
and should we care?



Firefox is calling EdgeCast and Akamai during startup and browsing on Port 80, even when pretty much everything is set to "use HTTPS only" and "DNS over HTTPS"
the standard settings are communicating with some google servers via port 80.



you can lessen this a bit by unchecking "Query OCSP responder servers to confirm the current validity of certificates"



but why port 80 and not 443?




Safari is also using Akamai. Mostly on 443, but when you reset your browsing history and clear your cookies, there will be A TON of links using port 80 too.
via trustd, but it is getting initiated by Safari.
 
not every site uses HTTPS by default across all their sites. Why I have no idea. It is not like the browsers cannot do it (banking, online purchasing, etc) all use it so my take is the extra overhead of using HTTPS across the board but maybe someone more in the webhosting space can offer an actual answer rather than speculation.
 
yes, but a lot of the stuff seems to be related to looking for updates, and even Firefoxes general browser settings are connecting to a google server via port 80! why do these need to be transmitted on unsecured / non-encrypted channels when pretty much most of the "important" parts of the internet have long moved to 443?

even the icon pre-fetching for my stored links, which i guess is what is happening in Safari, i think none of these websites are HTTP... all of them (other than my router's user interface) are HTTPS, still... this is happening on port 80
 
Encryption and ports are entirely separate concepts, though there are conventions regarding their use.

HTTP (unencrypted) and HTTPS (encrypted) are protocols at the Application layer in the 7 layer OSI model. They can, in principle, be used over any TCP port (layers 4 and 5). By default, browsers will attempt to use port 80 for HTTP and port 443 for HTTPS, but any port can be specified. There is nothing wrong with HTTPS://server.com:80 or HTTP://server.com:443 so long as the web server recognises it.

When you are seeing background tasks making connections to a remote port 80, it may or may not be encrypted. Going further it may be using another higher layer protocol, not just HTTP/S. You need to inspect the data packets.
 
Last edited:
  • Like
Reactions: KaliYoni
yes, i didn't inspect the data packets, just wondered while using
nettop -m tcp
Click to expand...

i also took into consideration that they maybe will be using encryption on 80, but it seemed weird to me on a first glance
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back