Well, HTTP 1.0/1.1 does not need TLS. HTTP2 (h2) does need it.
I'm asking this because I was told that Firefox does not implement h2c (HTTP2 without the need for TLS) so I just asked here if would be possible to do not block self-signed certificates so a onion website can enabled HTTP2 for performance without the need of getting a valid certificate.
Yes, seems issue 13410 is what I want...
El 9/7/20 a las 23:09, Matthew Finkel escribió:
On Wed, Jul 01, 2020 at 08:35:44PM +0200, juanjo wrote:
Hello,
We all know HTTP2 is faster than HTTP1, the downside for Onion sites is that it requires encrypted connections by default.
Getting TLS certificate validation for onion sites is very hard and impossible for some people.
I wanna ask how Tor Browser behaves if you enable HTTP2 with a self-signed certificate?
I haven't tested it, but I see no reason why Tor Browser would behave differently with respect to invalid TLS certificates over HTTP 1.0/1.1 and h2. I've wanted to test h2c over an onion service connection for a long time now, but I haven't gotten around to it.
Do you get a warning like on a normal website? If so, could TB change this behavior so onion sites can enable HTTP2 easier for faster webpages?
Unless I am missing something critical, your question is essentially another motivation for fixing: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27636 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13410
Am I missing something or are you only looking for confirmation? _______________________________________________ tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev