Skip to content

Bug 19850: Disable Plaintext HTTP Clearnet Connections

As discussed on #19850 (closed), it is time for us to force Tor Browser traffic to go on HTTPS only.

As reported by Arthur on #19850 (comment 2772089), Firefox's HTTPS-Only mode can coexist with HTTPS-Everywhere, so we can enable it as soon as possible.

In this MR, I also redefined to be false, even though it already is. I do not see why Mozilla should change this, but I discussed that on IRC, and we decided to do so, to be on the safe side.

I expressed other questions on #19850 (comment 2777613), especially about

It makes sense to me to keep it enabled (see the comment, and the attached paper).

We could disable it for Safer/Safest modes, but that would be a different MR on torbutton 🙂.

Merge request reports