Does HTTPS use TCP or UDP?

Solution 1:

HTTPS can run over any reliable stream transport protocol. Normally that's TCP, but it could also be SCTP. It is NOT expected to run over UDP, which is an unreliable datagram protocol (in fact, while that's not its official name, that's a good way to remember what it is).

The IANA assignment for UDP is historical; at the time, nearly every protocol was assigned both the TCP and UDP port numbers, even if it was expected that it would only ever use one. There has been discussion of merging the port number registries, and only ever assigning one port to one protocol from here on. That is to make it easier to deploy future transport protocols that would otherwise need their own registries. I'm not aware of how that discussion concluded.

Solution 2:

It uses TCP. It would be difficult to run it on UDP without the guarantee of packets arriving. If the packets don't arrive, the encrypted data will not be decipherable.

Solution 3:

For the next time, if you wonder if a default port service run on tcp or udp, you can look at /etc/services on a linux machine.

Solution 4:

Nowadays HTTPS can run above either TCP or UDP.

The new "QUIC" protocol aims to replace multiple TCP connections with one multiplexed UDP connection, and hence can handle SSL and HTTPS:

HTTPS → SSL → QUIC flow → UDP → IP

QUIC was originally developped in 2012 by Google and is undergoing IETF review. For more details, see Wikipedia.

Solution 5:

The OSI model allows higher layer protocols to run over any underlying protocol providing the correct services. HTTPS is HTTP using SSL/TLS security. SSL/TLS typically runs on top of TCP, but there is nothing to stop you from running it on UDP, SCTP or any other transport layer protocol.

As a matter of fact HTTPS over TCP and UDP are both defined as "well known" by IANA and have reserved port numbers.

See for the "official" ports/protocol combinations.