
Default Blocklist exclusion for 443


ElDopa


Posted

The latest beta build of the 2.2.1 (build 24217) has added port 80 (HTTP) and 443 (HTTPS) to the default blocklist (as stated in the changelog).

Since port 443 is almost the only port you can use on public, firewalled infrastructures (HotSpots, Hotel Wifi, etc.), I'd like to request removing port 443 from the default blocklist again. Port 80 isn't that big of a deal, since the more advanced firewalls still filter non-HTTP traffic on port 80, leaving port 443 the only viable option (until now) ...

Posted

Well actually, it is. I'm typing this from a hotel room, with uTorrent successfully running on 443 and accepting incoming connections. Guess UPnP or NAT-PMP is still enabled on the router. And this might sound like the odd exception out, but in my experience it works pretty well with most hotel-connections.

My argument being that port 443 is sometimes the only 'usable' port not being (effectively) filtered by a firewall, so blocking it by default will render it useless. It's not because I simply want it (I use SSL tunnels to get around any firewalling in case I need to, but not everybody has that luxury or knowledge), but because it restricts its usability on public infrastructures.

As an end-user I'm not about protocol-restrictions or -abuse, I'm about usability ... I understand your side, I'm just saying it might not be in the end-user's interest. As I've never heard about BT traffic over 443 causing problems for routers/firewalls, I'd prefer the practicality over the theoretical correctness. I can imagine there could be some - for end-users unknown/invisible - downsides to it, but in that case please share them (if it's not too much work/tech detailed); it never hurts to learn ...

PS: Removing 443 from the no_connect list in my uTorrent is kinda useless, it's about the peer's no_connect list (which is likely to be the default value(s)), hence the request.

Posted

You can still make outgoing connections. Your incoming port has no real relevance on that. The security gains from doing this outweigh the few users that would be affected.

Archived

This topic is now archived and is closed to further replies.
