SSL in Wikipedia 
The public SSL certificate authority system is not to be trusted. Too many security breaches happened before. 
See also Man-in-the-middle attacks.
Whonix ™ Technical Design
SSL certificates, especially for https://check.torproject.org (check.tpo) are not yet pinned in Whonix ™. Eventually that will be done in future. That needs some more discussion. How that technically could be done is documented under Dev/SSL Certificate Pinning. This has low priority for Whonix ™, since not even the Tor Browser Bundle does pin the check.tpo SSL certificate, which is a much bigger issue. Whonix ™ developer adrelanos does not agree with "low priority" in TBB. See TBB: hardcode SSL cert check to prevent MITM.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)