When I was learning theory on HTTPS, I've read that when a site is visited, the following happens:
- Client tries to establish a connection to port 80 on the target host
- Server responds with 301 Redirect to port 443 on the same host, indicating that it wants to upgrade to HTTPS
- Redirect happens, and both points proceed to perform a TLS handshake, establishing an encrypted connection.
I have recently tried to analyze (using Wireshark) the way a secure connection is established between my laptop (running GNU/Linux with Firefox) and 10 different commonly-used websites (google, youtube, amazon, etc.), however in none of the cases did I encounter any sort of communication over HTTP before ClientHello.
Is this not how it works anymore or may I be generally wrong about it?