[tbb-dev] HTTP2+self-signed certificates

Matthew Finkel sysrqb at torproject.org
Thu Jul 9 21:09:04 UTC 2020

On Wed, Jul 01, 2020 at 08:35:44PM +0200, juanjo wrote:
> Hello,
> We all know HTTP2 is faster than HTTP1, the downside for Onion sites is that
> it requires encrypted connections by default.
> Getting TLS certificate validation for onion sites is very hard and
> impossible for some people.
> I wanna ask how Tor Browser behaves if you enable HTTP2 with a self-signed
> certificate?

I haven't tested it, but I see no reason why Tor Browser would behave
differently with respect to invalid TLS certificates over HTTP 1.0/1.1
and h2. I've wanted to test h2c over an onion service connection for a
long time now, but I haven't gotten around to it.

> Do you get a warning like on a normal website? If so, could TB change this
> behavior so onion sites can enable HTTP2 easier for faster webpages?

Unless I am missing something critical, your question is essentially
another motivation for fixing:

Am I missing something or are you only looking for confirmation?

More information about the tbb-dev mailing list