[tbb-dev] HTTP2+self-signed certificates

Matthew Finkel sysrqb at torproject.org
Thu Jul 9 21:09:04 UTC 2020


On Wed, Jul 01, 2020 at 08:35:44PM +0200, juanjo wrote:
> Hello,
> 
> We all know HTTP2 is faster than HTTP1, the downside for Onion sites is that
> it requires encrypted connections by default.
> 
> Getting TLS certificate validation for onion sites is very hard and
> impossible for some people.
> 
> I wanna ask how Tor Browser behaves if you enable HTTP2 with a self-signed
> certificate?

I haven't tested it, but I see no reason why Tor Browser would behave
differently with respect to invalid TLS certificates over HTTP 1.0/1.1
and h2. I've wanted to test h2c over an onion service connection for a
long time now, but I haven't gotten around to it.

> 
> Do you get a warning like on a normal website? If so, could TB change this
> behavior so onion sites can enable HTTP2 easier for faster webpages?

Unless I am missing something critical, your question is essentially
another motivation for fixing:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27636
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13410

Am I missing something or are you only looking for confirmation?

