Oddbean new post about | logout
captjack | 1 months ago (raw) | export | reply | flag +1 
 who has done https aka #SSL over onion #asknostr
(saw a few somewhere - guess many technical ways to do it - dns expensive + attack prone)
wss aka secure websocket may also possibility over 🧄
Big Barry Bitcoin | 1 months ago (raw) | root | parent | reply | flag 
 I think these are self signed certs, but honestly, ssl on a Tor Service (.onion site) is not useful afaik. The traffic is end to end encrypted already.
captjack | 1 months ago (raw) | root | parent | reply | flag 
 nope u missed big part last leg cleartxt - hence using any cert to encrypt is big think
who issue cert is not important - dummy self sign whatever so long sniffer cannot be content is good enough
Big Barry Bitcoin | 1 months ago (raw) | root | parent | reply | flag 
 Only if you are visiting a normal website. For .onion site, it is e2e encrypted.

Actually says it here too: https://tb-manual.torproject.org/onion-services/
captjack | 1 months ago (raw) | root | parent | reply | flag 
 NOPE IT WORNG EXIT NODE TO FINAL SITE = CLEARTXT
captjack | 1 months ago (raw) | root | parent | reply | flag 
 even in end to end onion there is possiblity with split traffic vs exit tor to clearnet site without ssl
captjack | 1 months ago (raw) | root | parent | reply | flag 
 MiM still a possibility