Why? Tor encrypts everything in transit, but not between you and the first server, and not between the last server and the target machine. Anybody listening to your output stream, or the stream to and from the remote server, can see everything in plaintext - the URL, and its parameters particularly.
With SSL, you know the URL is encrypted between your machine and the remote server, as is the returned page. On Sat, 13 Oct 2018 at 18:56, Adam Jensen hanzer@riseup.net wrote:
On 10/02/2018 07:01 AM, Peter Brooks wrote:
I'm setting up a tor site on ubuntu, using apache2 to work with ssl.
This might be a goofy question but why would SSL ever be used with a Tor Hidden Service?
Also, isn't the Apache web server still vulnerable to application layer slow post denial of service attacks?
https://sourceforge.net/projects/torshammer/ https://github.com/llaera/slowloris.pl https://github.com/marant/goloris _______________________________________________ tor-onions mailing list tor-onions@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions