47

Does HTTPS use TCP or UDP?

Steven

6 Answers

44

HTTPS can run over any reliable stream transport protocol. Normally that's TCP, but it could also be SCTP. It is NOT expected to run over UDP, which is an unreliable datagram protocol (in fact, while that's not its official name, that's a good way to remember what it is).

The IANA assignment for UDP is historical; at the time, nearly every protocol was assigned both the TCP and UDP port numbers, even if it was expected that it would only ever use one. There has been discussion of merging the port number registries, and only ever assigning one port to one protocol from here on. That is to make it easier to deploy future transport protocols that would otherwise need their own registries. I'm not aware of how that discussion concluded.

Andrew McGregor
  • 1
    Most SSL implementations expose it as SSL socket, so it implies TCP. There are very rare occurrences of using any other transport. – Nasko May 14 '10 at 18:10
  • 4
    Warning: this answer is outdated (9 years ago). Take a look at the answer about QUIC protocol, which is an implementation that Google uses for Chrome. Just saying. – ivanleoncz Feb 26 '18 at 20:24
33

It uses TCP. It would be difficult to run it on UDP without the guarantee of packets arriving. If the packets don't arrive, the encrypted data will not be decipherable.

sybreon
  • 4
    Or if the packets arrive out of order, as UDP contains no provisions for reordering packets like TCP. – janneb Jan 03 '10 at 09:42
  • 3
    Not going to -1 you because it'd be a little pedantic, but it's worth noting that there's no reason it couldn't be run over UDP. It may be atypical, but it is possible. – ThatGraemeGuy Jan 03 '10 at 12:01
14

Nowadays HTTPS can run above either TCP or UDP.

The new "QUIC" protocol aims to replace multiple TCP connections with one multiplexed UDP connection, and hence can handle SSL and HTTPS:

HTTPS → SSL → QUIC flow → UDP → IP

QUIC was originally developed in 2012 by Google and is undergoing IETF review. For more details, see Wikipedia.

J.P. Tosoni
  • This should be the answer, considering the current scenario. For example, for experimental purposes, I could only block HTTPS traffic for a specific IP, using `DROP` targets on `mangle` table, using `udp` protocol for the rule. – ivanleoncz Feb 26 '18 at 20:22
  • 3
    +1, did not expect to learn something when clicking on this question. – T.Coutlakis Jun 25 '18 at 17:21
  • +1 to @T.Coutlakis When I was going through the output of `cat /etc/services`, I came across "https 443/udp # HTTP/3", which got me wondering about HTTPS over UDP. – ZeZNiQ Jun 18 '23 at 15:59
12

For next time, if you wonder whether a default port service runs on TCP or UDP, you can look at /etc/services on a Linux machine.

Deimosfr
  • 3
    Or a Windows machine, in a command prompt: `find "https" %windir%\system32\drivers\etc\services` – ThatGraemeGuy Jan 03 '10 at 11:57
  • 1
    My /etc/services also lists 80/udp. Actually, many services have allocated both ports, "just in case" I guess. – Peter Eisentraut Jan 09 '10 at 23:03
  • Here's what /etc/services has to say about this method: "officially ports have two entries even if the protocol doesn't support UDP operations." – De Novo Sep 26 '20 at 19:19
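
The lookup described in this answer and its comments, as an added example that is not part of any post in the thread: a small parser for services(5)-format lines that reports which transports a service name is registered on. The names `transports_for`, `protos_for` and `SAMPLE` are hypothetical, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in services(5) format: name, port/proto, aliases, comment.
SAMPLE='# name        port/proto      aliases         # comment
http            80/tcp          www
http            80/udp
https           443/tcp
https           443/udp                         # HTTP/3
domain          53/tcp
domain          53/udp
ssh             22/tcp
www-alt         8080/tcp        webcache http-alt  # constructed alias line
'

# transports_for NAME [FILE]
# Prints "port/proto" for every entry whose name or alias is exactly NAME,
# sorted and de-duplicated. Reads stdin when FILE is omitted.
transports_for() {
    name=$1
    shift
    awk -v want="$name" '
        { sub(/#.*/, "") }                      # drop trailing comments
        NF < 2 { next }                         # blank or comment-only line
        $2 !~ "^[0-9]+/[a-z]+$" { next }        # malformed port/proto field
        {
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue            # field 2 is port/proto, not a name
                if ($i == want) { print $2; break }
            }
        }
    ' "$@" | sort -u
}

# protos_for NAME [FILE]
# Prints only the protocol names for NAME, space-separated on one line.
protos_for() {
    transports_for "$@" | cut -d/ -f2 | sort -u | paste -s -d ' ' -
}

# Stand-alone demonstration on the constructed sample.
printf 'https: %s\n' "$(printf '%s' "$SAMPLE" | protos_for https)"
printf 'ssh:   %s\n' "$(printf '%s' "$SAMPLE" | protos_for ssh)"
```

On a real host, pass the file as the second argument, for example `protos_for https /etc/services`. As the comments above note, an entry only shows that the port is reserved for that name on that transport; what the host actually listens on is what `ss -tuln` reports.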
7

The OSI model allows higher layer protocols to run over any underlying protocol providing the correct services. HTTPS is HTTP using SSL/TLS security. SSL/TLS typically runs on top of TCP, but there is nothing to stop you from running it on UDP, SCTP or any other transport layer protocol.

As a matter of fact HTTPS over TCP and UDP are both defined as "well known" by IANA and have reserved port numbers.

See http://www.iana.org/assignments/port-numbers for the "official" ports/protocol combinations.

pehrs
  • 1
    See for example http://tools.ietf.org/html/rfc4347 (Datagram Transport Layer Security) for how SSL/TLS can run over UDP. – pehrs Jan 03 '10 at 11:35
3
  • HTTPS is HTTP over TLS over TCP over IP.
  • TLS over UDP is a specific implementation called DTLS; where the D stands for "Datagram."
Serge Stroobandt