SSL fro hidden services
Dan Mahoney, System Admin
danm at prime.gushi.org
Thu Oct 20 13:22:18 UTC 2005
On Thu, 20 Oct 2005, Christian Beil wrote:
> Is it possible to access hidden services using SSL? Does this make sense at
> all?
You can certainly use https, and port 443.
That said, the certificate naming scheme may be way off, since there's no
concept of a valid certificate (I doubt verisign will want to sign one for
786237261871621.onion :)
However, assuming the user installs your self-signed cert, it *should*
work the same unless there's something I'm missing.)
Of course, you're really just protecting content from being sniffed
between the user and the entry node (usually, the same machine, but not
always), and the exit node and the hidden service (presumably, you control
both).
This is my understanding of it -- if someone has a better one please step
on me without hesitation :)
-Dan
--
"One...plus two...plus one...plus one."
-Tim Curry, Clue
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the tor-talk
mailing list