Yes DirPort does not speak TLS, but since 443 is also best used for ORPort (because it is often one of the ports that are allowed to pass through firewalls)
- https is not possible on the same IP (when already used by the ORPort).
Well... that's kind of a hack to handle ORPort going through in various hosting scenarios.
The ORPort selection is primarily important for the client -> guard connection. For relay <> relay connections firewalls shouldn't matter (that much)
I don't know what ORPort most relays use (I guess I can get that from onionoo to some degree) but I do want to hope they are not all riding 443 (I know I don't use 443 for my ORPort on both relays).
Top 20 ORPorts by relay count:
+---------+----------+ | or_port | #relays | +---------+----------+ | 9001 | 3289 | | 443 | 2080 | | 9002 | 67 | | 80 | 62 | | 8443 | 53 | | 8080 | 52 | | 9090 | 35 | | 9100 | 31 | | 110 | 30 | | 444 | 29 | | 21093 | 26 | | 9000 | 22 | | 993 | 22 | | 9003 | 21 | | 21 | 18 | | 9010 | 15 | | 20 | 14 | | 22 | 14 | | 143 | 14 | | 19001 | 13 | +---------+----------+