● NEWS ● #TorProject #tor ☞ New Release: #TorBrowser 10.5a3 https://blog.torproject.org/new-release-tor-browser-105a3
Follow
@schestowitz #TorBrowser still throws an unnecessary fit when an SSL cert on an #onion site is self-signed. Then after several clicks to reassure TB that it's not an issue, it still in the end falls over with "secure connection failed.. [try again]". WTF, #Tor devs should know SSL to an onion site is redundant.
@resist1984 @schestowitz Yes, for Onion-sites TLS/SSL is mostly redundant. However if you are connecting to a site on the web without HTTP over TOR (e.g. http://duckduckgo.com), you'd still have to trust the Exit-Node to not be malicious.
Tor devs probably preferred consistent behavior :)
@rarepublic @schestowitz it doesn't make sense to give consistent treatment to inconsistent circumstances.
@schestowitz And when clicking on the cert details of an onion site, #TorBrowser says "Information you submit could be viewed by others (like passwords,..)" Tor Browser is lying.