HTTPS has whole series of side-channel leaks, which can be exploited to fingerprint the tunnelled protocol: many implementations don't add padding or active probing resistance.
Sizable communications with an uncommon IP can be singled out by netflow analysis.
