[tor-relays] TorBrowser HTTPS-Only Mode

Matthew Finkel matthew.finkel at gmail.com
Sun Apr 25 20:53:29 UTC 2021

On Sun, Apr 25, 2021 at 7:13 PM nusenu <nusenu-lists at riseup.net> wrote:
> > (FWIW: on the client side there is still the HTTPS-only mode in the
> > pipeline, which could easily be a game-changer here, too.)
> Is the torproject backporting https-only mode [1] to 78esr / Tor Browser?

No. Firefox 78esr has an older version of https-only mode, but newer versions
of Firefox have many bugfixes. We don't feel comfortable enabling the current
implementation available in Tor Browser, and backporting the fixes/improvements
would be challenging. Currently, our recommendation is enabling EASE mode in
https-everywhere if you feel comfortable with the trade-offs, but that mode has
usability issues as well, and we aren't comfortable enabling that for everyone.

When Tor Browser migrates to Firefox 91esr we will look at enabling https-only
mode for everyone, but there remains a significant concern that there are many
sites that do not support HTTPS (especially more region specific sites) and the
question of what messaging Tor Browser should use in that case.

> kind regards,
> nusenu
> [1] https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
> --
> https://nusenu.github.io
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list