In SGOS 6.5.5.x and later, the behavior of the appliance has changed to handle the HTTP CONNECT request on port 80. Now the proxy allows CONNECT requests on port 80.
Previous to SGOS 6.5.5.x, using any port other than 443 for CONNECT requests with detect protocol disabled results in the request being denied.

Note: This issue is applicable only if protocol detection is disabled. When protocol detection is enabled, we allow HTTP CONNECT on an arbitrary port, as long as the protocol detected inside is SSL. 

See the following for examples:

CONNECT request behavior on port 80 in SGOS 6.5.4.4:

CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
EXCEPTION(connect_method_denied): CONNECT to a port other then 443 (the default HTTPS port) are not permitted
url.category: Search Engines/[email protected] Coat

CONNECT request behavior on port 80 in SGOS 6.5.5.7:

connection: service.name=Explicit HTTP client.address=10.167.7.233 proxy.port=8080
time: 2015-02-24 20:04:18 UTC
CONNECT tcp://www.google.de:80/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
user: unauthenticated
authentication status='not_attempted' authorization status='not_attempted'
url.category: Search Engines/[email protected] Coat
total categorization time: 0
static categorization time: 0
server.response.code: 0
client.response.code: 200

This behavior was updated for WebSocket support in SGOS 6.5.5.2 (to prevent plain WebSocket from failing).
In explicit mode, HTTP proxy would receive a HTTP CONNECT on HTTP port (port 80 as a plain WebSocket).

If you need to use any other port other than 80 or 443 for CONNECT (with protocol detection disabled) then you can use the KB article below for the workaround. 

https://knowledge.broadcom.com/external/article?articleId=166814