This is actually in the rule engine. Look for a rule similar to "ports allowed to connect" under SSL Scanner > Handle Connect call OR a rule set called Restrict CONNECT ports. A rule engine trace will help if you have trouble locating it.
Fantastic, that was it.
So we can pull 8443 out of the Configuration | Proxies | HTTP Proxy | Ports treated as SSL area?