Hello Galou,
You sure? The mirror list [0] has quite a lot more HTTP than HTTPS entries, and the "Running a mirror" site explicitly mentions _not_ forcing HTTP to HTTPS.
True, as soon as LetsEncrypt leaves the Beta state and allows for simple, secure, and automatic certificates there's no excuse not to run the mirror over HTTPS too. But until then it's either buy an expensive certificate, run the mirror over an 1st level domain supported by StartSSL, or use a self-signed certificate that many people won't trust.
Regards, /peter
[0] https://www.torproject.org/getinvolved/mirrors.html.en [1] https://www.torproject.org/docs/running-a-mirror.html.en#mirrorops
Am 21.12.2015 um 13:31 schrieb Galou Gentil:
Hi Vargr,
Running a Tor mirror website over a regular HTTP connection is such a bad idea, and should be considered as "bad practice" today. It would be great if you could force HTTPS.
Cheers,
Galou.
On Dec 21 2015, at 12:51 pm, Vargr Vargr@protonmail.com wrote: vargr@protonmail.com mailto:vargr@protonmail.com, Vargr, NL, Netherlands, NL, TRUE, FALSE, NO, http://http://tor.mirror.disciplesofdisorder.eu/, https://tor.mirror.disciplesofdisorder.eu/,,,http://tor.mirror.disciplesofdi...,
https://tor.mirror.disciplesofdisorder.eu/dist/,,vargrevir52vbte.onion,
Mon Dec 21 12:50 2015
Greetings, Vargr
Sent from ProtonMail https://protonmail.ch, encrypted email based in Switzerland.
_______________________________________________ tor-mirrors mailing list tor-mirrors@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors