On Sat, 22 Sep 2018 15:28:19 +0100 Ben Tasker <b...@bentasker.co.uk> wrote:
> You need to configure your onion server block to respond on port 443 _and_ > to handle your clearnet host header (and serve a publicly trusted > certificate matching that name). Alt-Svc tells the browser to use the > alternate address as a trusted origin for the service it's connecting to, > so it'll connect to 1234.onion and request www.example.com Also, do you mean there's no way to have an Alt-Svc with "[...].onion:80", directing to a plain HTTP connection to the hidden service? (Assuming the initial request to the clearnet site was on HTTPS.) There is no point in running HTTPS-over-Tor-hidden-service, as .onion traffic is already authenticated and encrypted, it only adds useless overhead. If there's no way around that with the alt-svc scheme, that seems like a huge oversight. -- With respect, Roman -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk