The concept of an HTTPS port is often misunderstood, and its impact on web application security needs to be understood.
What happens when a request is made to an HTTPS port?
- When a client sends an HTTP request to the HTTPS server, the request is still encrypted and secured with the TLS/SSL protocol.
- The server then processes the request and returns an HTTP response, which is also encrypted using the same TLS/SSL protocol.
Comparison with HTTPS
- In contrast to the HTTP protocol, which uses a TCP connection and TLS/SSL encryption for security, the HTTPS port uses a secure tunnel between the client and server.
- This means that there is no direct communication between the client and server over the same network segment. Instead, it involves two separate networks (one for HTTP and one for HTTPS).
Impact on Web Application Security
- The plain HTTP request to an HTTPS port is still vulnerable to various attacks, such as man-in-the-middle (MitM) attacks and protocol downgrade attacks.
- Moreover, the use of a secure tunnel for HTTPS may not provide significant additional security benefits compared to using TLS/SSL certificates, which are widely accepted as a standard for web application security.
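To make the two cases above concrete, here is an added example (not from the original page) that inspects the first bytes a listener on the HTTPS port receives. A TLS session always opens with a handshake record (content type 0x16 followed by a 0x03 0x0X record-layer version), whereas a plain HTTP request opens with an ASCII method token and its request line is readable as-is on the wire, which is the exposure the previous section describes and what a server checks before rejecting such a request. The sample inputs are constructed for the example, not captured traffic.

```python
from typing import Optional

# Constructed sample inputs: the first bytes two different clients might send
# to a listener on port 443. The ClientHello is truncated to its headers plus
# the 32-byte client random; real ones carry cipher suites and extensions too.
TLS_CLIENT_HELLO = bytes.fromhex(
    "16 03 01 00 f8"        # TLS record header: handshake, version 3.1, length
    "01 00 00 f4 03 03"     # ClientHello header: type, length, client_version 3.3
) + b"\x00" * 32            # client random (zeroed in this constructed sample)
PLAIN_HTTP = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Cookie: session=abc123\r\n\r\n"
)

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")


def classify_first_bytes(data: bytes) -> str:
    """Decide which protocol a new connection on the HTTPS port is speaking.

    Returns "tls" for a TLS handshake record (content type 0x16, record-layer
    version 0x0300..0x0304), "plain-http" for a request starting with an HTTP
    method token, and "unknown" for anything else (including empty input).
    """
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    return "unknown"


def leaked_request_line(data: bytes) -> Optional[str]:
    """Return the request line exactly as any on-path observer can read it.

    For a TLS connection this returns None: the HTTP layer is inside the
    encrypted tunnel and is not visible at this point.
    """
    if classify_first_bytes(data) != "plain-http":
        return None
    return data.split(b"\r\n", 1)[0].decode("ascii", errors="replace")


def reject_if_plaintext(data: bytes) -> Optional[bytes]:
    """Minimal server-side reaction: answer a plaintext request on the TLS
    port with an HTTP 400 and close, instead of processing it. None means the
    bytes should be handed to the TLS layer (or dropped if unknown)."""
    if classify_first_bytes(data) != "plain-http":
        return None
    body = b"The plain HTTP request was sent to HTTPS port\n"
    return (b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n"
            b"Content-Type: text/plain\r\nContent-Length: %d\r\n\r\n" % len(body)) + body
```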