Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,005
    • Issues 1,005
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #40418
Closed
Open
Created Apr 23, 2021 by Roger Dingledine@armaReporter

https-everywhere "encrypt all sites eligible" has compatibility issues with .securedrop.tor.onion names

When I turn on the "encrypt all sites eligible" feature in my Tor Browser's https everywhere, and then I visit lucyparsonslabs.securedrop.tor.onion (found by reading https://securedrop.org/news/introducing-onion-names-securedrop/) my https-everywhere pops up an "omg this is insecure" warning for the url "http://qn4qfeeslglmwxgb.onion/".

That's weird because I would have thought Tor Browser would special-case the .onion address. Maybe the .tor.onion syntax is throwing it off? Or maybe the rewrite to x.onion is happening at the wrong time compared to when https everywhere does its check?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking