In HTTPS, should a server act differently if the default port is/is-not provided in the Host header? That is, in HTTPS, consider these two headers as part of a request:
Host: www.example.com
Host: www.example.com:443
As far as I know, the HTTP spec says port must be included unless it is the default port. However, it does not mention, as far as I can tell, what to do if the default port is explicitly included (since it need not be). I can't seem to find anything for HTTPS, which is what I'm curious about in this case.
Similar to this question, which deals with HTTP and asks whether the port is required.
For context, I am working with the Mechanize Python module and when dealing with some 302 redirects through a login service, end up sending a Host: header with the default port (i.e., 443) included. However, the server receiving this header doesn't seem to like it, and only acts properly when the port is not included. I am trying to determine whether this is a bug in the server, or mechanize, or neither. I think it's the former, but I only have the ability to change the way mechanize works.
As you said, RFC 2616 only specifies that if port information is not provided then the default port must be used. In this RFC the default port for HTTPS is not explicitly defined, but RFC 2818 specifies that the default port for HTTPS is 443. So if you do not specify a port in the Host request header, port 80 is used for HTTP and port 443 is used for HTTPS. However, the RFC makes no reference to the case where the default port is specified, so IMHO if you specify the default port (although it is not necessary) the server must work. However, this ultimately depends on the vendor implementation.
Hope this helps,
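
An added example (not part of the question or answer above, and not Mechanize's or any server's own code): one way to canonicalise a Host header value so that an explicit default port and an omitted port compare equal, as a client-side workaround or a server-side host check could do. The function names and the DEFAULT_PORTS table are hypothetical.

```python
# Added example; all names are hypothetical. Canonicalises a Host header value
# so "www.example.com" and "www.example.com:443" are treated alike under HTTPS.
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_host_header(value):
    """Return (lower-cased host, port or None); raise ValueError if malformed."""
    value = value.strip()
    if value.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:443
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[: end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected text after IPv6 literal")
        port_text = rest[1:] if rest else None
    else:
        host, sep, port_text = value.partition(":")
        if not sep:
            port_text = None
    if not host or host == "[]":
        raise ValueError("empty host")
    if not port_text:                         # no port, or "host:" with an empty port
        return host.lower(), None
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError("invalid port")      # also rejects a second ':' in the port
    port = int(port_text)
    if not 0 < port <= 65535:                 # this example treats port 0 as invalid
        raise ValueError("port out of range")
    return host.lower(), port


def canonical_host(value, scheme):
    """Drop the port when it is absent or equals the scheme's default."""
    host, port = split_host_header(value)
    if port is None or port == DEFAULT_PORTS[scheme]:
        return host
    return f"{host}:{port}"


def same_host(a, b, scheme):
    """Compare two Host header values after canonicalisation."""
    return canonical_host(a, scheme) == canonical_host(b, scheme)
```

Comparing canonical forms rather than raw header strings keeps a virtual-host lookup or Host allowlist from rejecting the explicit-default-port form while still distinguishing non-default ports.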