Hello Galou, You sure? The mirror list [0] has quite a lot more HTTP than HTTPS entries, and the "Running a mirror" site explicitly mentions _not_ forcing HTTP to HTTPS.
True, as soon as LetsEncrypt leaves the Beta state and allows for simple, secure, and automatic certificates there's no excuse not to run the mirror over HTTPS too. But until then it's either buy an expensive certificate, run the mirror over an 1st level domain supported by StartSSL, or use a self-signed certificate that many people won't trust. Regards, /peter [0] https://www.torproject.org/getinvolved/mirrors.html.en [1] https://www.torproject.org/docs/running-a-mirror.html.en#mirrorops Am 21.12.2015 um 13:31 schrieb Galou Gentil: > Hi Vargr, > > Running a Tor mirror website over a regular HTTP connection is such > a bad idea, and should be considered as "bad practice" today. It > would be great if you could force HTTPS. > > Cheers, > > Galou. > > On Dec 21 2015, at 12:51 pm, Vargr <[email protected]> wrote: > [email protected] <mailto:[email protected]>, Vargr, NL, > Netherlands, NL, TRUE, FALSE, NO, > http://http://tor.mirror.disciplesofdisorder.eu/, > https://tor.mirror.disciplesofdisorder.eu/,,,http://tor.mirror.disciplesofdisorder.eu/dist/, > > > > https://tor.mirror.disciplesofdisorder.eu/dist/,,vargrevir52vbte.onion, > Mon Dec 21 12:50 2015 > > > Greetings, Vargr > > Sent from ProtonMail <https://protonmail.ch>, encrypted email > based in Switzerland. > > > > _______________________________________________ tor-mirrors mailing > list [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-mirrors mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
