Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use http for .onion content #624

Merged
merged 1 commit into from
Mar 23, 2020
Merged

use http for .onion content #624

merged 1 commit into from
Mar 23, 2020

Conversation

wschwab
Copy link
Contributor

@wschwab wschwab commented Mar 15, 2020

Potentially solves #623

As mentioned in the comment in the issue, many .onion sites do not have SSL certs, and some even see them as detrimental. I have yet to see a v3 (super long 56 character addresses) address that can be accessed using https://, including the CIA's, though I cannot confirm if there's something built in to these addresses that doesn't allow it.

As a result of the above, this PR proposes connecting to .onion content using http://, not https://. Since .onion sites are already end-to-end encrypted, this shouldn't weaken security. (Some sources linked in #623 in the comment.)

@Arachnid Arachnid requested a review from jefflau March 17, 2020 22:18
@makoto makoto merged commit a64d9b5 into ensdomains:dev Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants