[tbb-dev] HTTP2+self-signed certificates

Matthew Finkel sysrqb at torproject.org
Sat Jul 11 12:31:05 UTC 2020


You asked a good question. Indeed, Firefox doesn't support h2c (and I
don't see any plans for supporting it in the future).

A solution for ticket #13410 is high on the Tor Browser developers'
priority list, but it most likely won't be fixed until early next year
(at the earliest).

On Sat, Jul 11, 2020 at 11:24:31AM +0200, juanjo wrote:
> Well, HTTP 1.0/1.1 does not need TLS. HTTP2 (h2) does need it.
> 
> I'm asking this because I was told that Firefox does not implement h2c
> (HTTP2 without the need for TLS), so I just asked here if it would be possible
> to not block self-signed certificates so an onion website can enable
> HTTP2 for performance without the need of getting a valid certificate.
> 
> Yes, seems issue 13410 is what I want...
> 
> On 9/7/20 at 23:09, Matthew Finkel wrote:
> > On Wed, Jul 01, 2020 at 08:35:44PM +0200, juanjo wrote:
> > > Hello,
> > > 
> > > We all know HTTP2 is faster than HTTP1, the downside for Onion sites is that
> > > it requires encrypted connections by default.
> > > 
> > > Getting TLS certificate validation for onion sites is very hard and
> > > impossible for some people.
> > > 
> > > I wanna ask how Tor Browser behaves if you enable HTTP2 with a self-signed
> > > certificate?
> > I haven't tested it, but I see no reason why Tor Browser would behave
> > differently with respect to invalid TLS certificates over HTTP 1.0/1.1
> > and h2. I've wanted to test h2c over an onion service connection for a
> > long time now, but I haven't gotten around to it.
> > 
> > > Do you get a warning like on a normal website? If so, could TB change this
> > > behavior so onion sites can enable HTTP2 easier for faster webpages?
> > Unless I am missing something critical, your question is essentially
> > another motivation for fixing:
> > https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27636
> > https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13410
> > 
> > Am I missing something or are you only looking for confirmation?

