Your observation is not quite correct. Compare these two:
❯ curl -v http://golang.org
* Rebuilt URL to: http://golang.org/
* Trying 172.217.23.17...
* Connected to golang.org (172.217.23.17) port 80 (#0)
> GET / HTTP/1.1
> Host: golang.org
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 06 May 2021 12:45:08 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 42
< Location: https://golang.org/
< Via: 1.1 google
<
<a href="https://golang.org/">Found</a>.
That’s what is expected: A HTTP request is redirected to a HTTPS request. But:
❯ curl -v http://golang.org:443
* Rebuilt URL to: http://golang.org:443/
* Trying 172.217.23.17...
* Connected to golang.org (172.217.23.17) port 443 (#0)
> GET / HTTP/1.1
> Host: golang.org:443
> User-Agent: curl/7.43.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
A HTTP request for the HTTPS port 443 is rejected.
I think it is a matter of taste if you prefer this “Connection reset by peer” behaviour or the 400 Bad Request response that the Go standard library implements.
In any case, put a HTTP reverse proxy like NGINX in front of your Go code if you want to have more control over how HTTP requests are handled.