[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?

On Sat, 22 Sep 2018 15:28:19 +0100
Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote:

> You need to configure your onion server block to respond on port 443 _and_
> to handle your clearnet host header (and serve a publicly trusted
> certificate matching that name). Alt-Svc tells the browser to use the
> alternate address as a trusted origin for the service it's connecting to,
> so it'll connect to 1234.onion and request www.example.com

Also, do you mean there's no way to have an Alt-Svc with "[...].onion:80",
directing to a plain HTTP connection to the hidden service? (Assuming the
initial request to the clearnet site was on HTTPS.)

There is no point in running HTTPS-over-Tor-hidden-service, as .onion traffic
is already authenticated and encrypted, it only adds useless overhead. If
there's no way around that with the alt-svc scheme, that seems like a huge

With respect,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to