[tbb-dev] HTTP2+self-signed certificates

juanjo juanjo at avanix.es
Sat Jul 11 09:24:31 UTC 2020


Well, HTTP 1.0/1.1 does not need TLS. HTTP2 (h2) does need it.

I'm asking this because I was told that Firefox does not implement h2c 
(HTTP2 without the need for TLS), so I just asked here if it would be 
possible to not block self-signed certificates so an onion website can 
enable HTTP2 for performance without the need to get a valid 
certificate.

Yes, seems issue 13410 is what I want...

On 9/7/20 at 23:09, Matthew Finkel wrote:
> On Wed, Jul 01, 2020 at 08:35:44PM +0200, juanjo wrote:
>> Hello,
>>
>> We all know HTTP2 is faster than HTTP1, the downside for Onion sites is that
>> it requires encrypted connections by default.
>>
>> Getting TLS certificate validation for onion sites is very hard and
>> impossible for some people.
>>
>> I wanna ask how Tor Browser behaves if you enable HTTP2 with a self-signed
>> certificate?
> I haven't tested it, but I see no reason why Tor Browser would behave
> differently with respect to invalid TLS certificates over HTTP 1.0/1.1
> and h2. I've wanted to test h2c over an onion service connection for a
> long time now, but I haven't gotten around to it.
>
>> Do you get a warning like on a normal website? If so, could TB change this
>> behavior so onion sites can enable HTTP2 more easily for faster webpages?
> Unless I am missing something critical, your question is essentially
> another motivation for fixing:
> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27636
> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13410
>
> Am I missing something or are you only looking for confirmation?