#24192: When I visit a V3 onion that supplies a invalid certificate, torbrowser will lookup the onion when the get certifice button is clicked --------------------------------------+-------------------------- Reporter: Dbryrtfbcbhgf | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Major | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by asn): In general, if you are an onion operator and you want your onion address to be secret, you shouldn't configure SSL with an OCSP provider. Does self-signed certs use OCSP? I think handling this on the onion side and not on the client-side makes sense here. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24192#comment:6> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs