[tor-talk] "Tor Circuit" list in TBB displaying incorrect exit node and IP address

Dave Warren dw at thedave.ca
Wed Dec 26 19:41:24 UTC 2018


On Sun, Dec 23, 2018, at 14:05, Roger Dingledine wrote:
> Assuming the difference is "cloudflare vs not cloudflare", check out
> https://trac.torproject.org/27590


One of the comments on this bug is severely wrong: 

"Why the hell doesn't it inform about using plain text .onion connections on https sites?!!! (No questions for https .onion alternate routes.) Example of cf alt-svc: cflarexljc3rw355ysrkrzwapozws6nre6xsy3n4yrj7taye3uiby3ad.onion:443 (plain text (http)!!!)"

This is not correct, alt-svc over port 443 not only uses https, but it uses the certificate of the original site (not the cflarex...onion) address displayed, ensuring that the alt-svc is valid and able to serve traffic for the original site's URL using a valid certificate.

I can't be arsed to register just to post one comment and correcting people who are severely confused about Cloudflare (and/or alt-svc) would easily be more than a single full time job, but it might be worth noting in this case to reduce confusion.



More information about the tor-talk mailing list