Bart figured out the cause of this.
It runs out that because the format for nsopenssl has changed with nsopenssl 3 (used by Aolserver 4), the acs-tcl/tcl/security-procs.tcl get_https_port proc was getting the wrong port number. It was trying to get it from
[ns_config ns/server/[ns_info server]/modules nsopenssl]
and it defaults to 443 if nothing is found.
So if you're using a non-standard port for SSL, it uses 443 anyway.
I'll fix this hopefully tomorrow.